# Flog Txt Version 1 # Analyzer Version: 2024.3.1 # Analyzer Build Date: Jun 10 2024 06:30:57 # Log Creation Date: 01.08.2024 15:30:17.570 Process: id = "1" image_name = "kawaii-unicorn.exe" filename = "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe" page_root = "0x170b6000" os_pid = "0x1518" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0xa88" cmd_line = "\"C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe\" " cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001df9c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 136 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 137 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 138 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 139 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 140 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 141 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 142 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 143 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 144 start_va = 0x400000 end_va = 0x474fff monitored = 1 entry_point = 0x4013d4 region_type = mapped_file name = "kawaii-unicorn.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe") Region: id = 145 start_va = 0x77df0000 end_va = 0x77f91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 146 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 147 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 148 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 149 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 150 start_va = 0x7ff8805b0000 end_va = 0x7ff8807a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 303 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 304 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 305 start_va = 0x480000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 306 start_va = 0x7ff87eee0000 end_va = 0x7ff87ef38fff monitored = 0 entry_point = 0x7ff87eef8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 307 start_va = 0x7ff87f5e0000 end_va = 0x7ff87f662fff monitored = 0 entry_point = 0x7ff87f5efb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 308 start_va = 0x77de0000 end_va = 0x77de9fff monitored = 0 entry_point = 0x77de12e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 309 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 310 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 311 start_va = 0x560000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 312 start_va = 0x77990000 end_va = 0x77a7ffff monitored = 0 entry_point = 0x779af5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 313 start_va = 0x75e20000 end_va = 0x76032fff monitored = 0 entry_point = 0x75f34030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 314 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 315 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 316 start_va = 0x480000 end_va = 0x548fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 317 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 318 start_va = 0x75c30000 end_va = 0x75ccefff monitored = 0 entry_point = 0x75c685c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 319 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 320 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 321 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 322 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 323 start_va = 0x7a0000 end_va = 0x8f2fff monitored = 1 entry_point = 0x7a1af8 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 324 start_va = 0x77be0000 end_va = 0x77d73fff monitored = 0 entry_point = 0x77c19860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 325 start_va = 0x77390000 end_va = 0x773a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 326 start_va = 0x77050000 end_va = 0x77072fff monitored = 0 entry_point = 0x770573c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 327 start_va = 0x75cd0000 end_va = 0x75daafff monitored = 0 entry_point = 0x75d2fc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 328 start_va = 0x77310000 end_va = 0x7738afff monitored = 0 entry_point = 0x77327800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 329 start_va = 0x77100000 end_va = 0x7721ffff monitored = 0 entry_point = 0x7712b170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 330 start_va = 0x76670000 end_va = 0x766e8fff monitored = 0 entry_point = 0x76681a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 331 start_va = 0x77220000 end_va = 0x772defff monitored = 0 entry_point = 0x77255ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 332 start_va = 0x77080000 end_va = 0x770f4fff monitored = 0 entry_point = 0x7709f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 333 start_va = 0x773b0000 end_va = 0x77469fff monitored = 0 entry_point = 0x773ea2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 334 start_va = 0x76340000 end_va = 0x76422fff monitored = 0 entry_point = 0x7636c600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 335 start_va = 0x76040000 end_va = 0x762bffff monitored = 0 entry_point = 0x7617a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 336 start_va = 0x76890000 end_va = 0x7692afff monitored = 0 entry_point = 0x768c5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 337 start_va = 0x30000 end_va = 0x37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 338 start_va = 0x560000 end_va = 0x582fff monitored = 0 entry_point = 0x564410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 339 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 340 start_va = 0x900000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 341 start_va = 0x772e0000 end_va = 0x77304fff monitored = 0 entry_point = 0x772e4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 342 start_va = 0xb00000 end_va = 0xc80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 343 start_va = 0xc90000 end_va = 0x2090fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 344 start_va = 0x20a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 345 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 346 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 347 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 348 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 349 start_va = 0x21b0000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 350 start_va = 0x25b0000 end_va = 0x28e7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 351 start_va = 0x20a0000 end_va = 0x20a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 352 start_va = 0x21a0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 353 start_va = 0x20b0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 354 start_va = 0x759a0000 end_va = 0x759aefff monitored = 0 entry_point = 0x759a4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 355 start_va = 0x762e0000 end_va = 0x7633bfff monitored = 0 entry_point = 0x76310900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 356 start_va = 0x74f30000 end_va = 0x74fa3fff monitored = 0 entry_point = 0x74f67550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 357 start_va = 0x20b0000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 358 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 359 start_va = 0x28f0000 end_va = 0x2acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 360 start_va = 0x20b0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 361 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 362 start_va = 0x717c0000 end_va = 0x71847fff monitored = 0 entry_point = 0x717db9a0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 363 start_va = 0x20c0000 end_va = 0x20c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 364 start_va = 0x77470000 end_va = 0x77541fff monitored = 0 entry_point = 0x774bd9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 365 start_va = 0x20d0000 end_va = 0x20d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020d0000" filename = "" Region: id = 366 start_va = 0x20e0000 end_va = 0x20e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 367 start_va = 0x28f0000 end_va = 0x29effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028f0000" filename = "" Region: id = 368 start_va = 0x2ac0000 end_va = 0x2acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 369 start_va = 0x71580000 end_va = 0x71595fff monitored = 0 entry_point = 0x71590a40 region_type = mapped_file name = "asycfilt.dll" filename = "\\Windows\\SysWOW64\\asycfilt.dll" (normalized: "c:\\windows\\syswow64\\asycfilt.dll") Region: id = 370 start_va = 0x2ad0000 end_va = 0x2c8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 371 start_va = 0x20f0000 end_va = 0x20f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020f0000" filename = "" Region: id = 372 start_va = 0x2c90000 end_va = 0x2d71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c90000" filename = "" Region: id = 373 start_va = 0x20f0000 end_va = 0x20f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020f0000" filename = "" Region: id = 374 start_va = 0x2100000 end_va = 0x2103fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 375 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 376 start_va = 0x2d80000 end_va = 0x2f72fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d80000" filename = "" Region: id = 377 start_va = 0x2110000 end_va = 0x2110fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002110000" filename = "" Region: id = 378 start_va = 0x6fa60000 end_va = 0x6fb18fff monitored = 0 entry_point = 0x6fa9fcd0 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\SysWOW64\\TextInputFramework.dll" (normalized: "c:\\windows\\syswow64\\textinputframework.dll") Region: id = 379 start_va = 0x6f740000 end_va = 0x6f9bdfff monitored = 0 entry_point = 0x6f79e8f0 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 380 start_va = 0x6f9c0000 end_va = 0x6fa5afff monitored = 0 entry_point = 0x6fa20d90 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 381 start_va = 0x75db0000 end_va = 0x75e12fff monitored = 0 entry_point = 0x75db4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 382 start_va = 0x77b30000 end_va = 0x77bb6fff monitored = 0 entry_point = 0x77b72d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 383 start_va = 0x6f710000 end_va = 0x6f738fff monitored = 0 entry_point = 0x6f717e90 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 384 start_va = 0x71d90000 end_va = 0x71e6cfff monitored = 0 entry_point = 0x71e07530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 385 start_va = 0x2110000 end_va = 0x2113fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 386 start_va = 0x2f80000 end_va = 0x41dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 387 start_va = 0x70870000 end_va = 0x70904fff monitored = 0 entry_point = 0x708ffe80 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\SysWOW64\\TextShaping.dll" (normalized: "c:\\windows\\syswow64\\textshaping.dll") Region: id = 388 start_va = 0x41e0000 end_va = 0x46d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041e0000" filename = "" Region: id = 389 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 508 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 695 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1232 start_va = 0x2160000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1233 start_va = 0x2a70000 end_va = 0x2aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 1234 start_va = 0x41e0000 end_va = 0x42dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041e0000" filename = "" Region: id = 1235 start_va = 0x42e0000 end_va = 0x43dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 1236 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2211 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 3735 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 5339 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 7020 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 8602 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 1 os_tid = 0x177c [0106.561] GetVersion () returned 0x23f00206 [0106.562] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77990000 [0106.562] GetProcAddress (hModule=0x77990000, lpProcName="IsTNT") returned 0x0 [0106.562] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x590000 [0106.562] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0x21b0000 [0106.562] VirtualAlloc (lpAddress=0x21b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x21b0000 [0106.565] GetCurrentThreadId () returned 0x177c [0106.565] GetCommandLineA () returned="\"C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe\" " [0106.565] GetEnvironmentStringsW () returned 0x5bb478* [0106.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1566 [0106.565] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x620) returned 0x5905b8 [0106.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x5905b8, cbMultiByte=1566, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1566 [0106.565] FreeEnvironmentStringsW (penv=0x5bb478) returned 1 [0106.565] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x480) returned 0x590be0 [0106.566] GetStartupInfoA (in: lpStartupInfo=0x19f8a0 | out: lpStartupInfo=0x19f8a0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0106.566] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.566] GetFileType (hFile=0x0) returned 0x0 [0106.566] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0106.566] GetFileType (hFile=0x0) returned 0x0 [0106.566] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.566] GetFileType (hFile=0x0) returned 0x0 [0106.566] SetHandleCount (uNumber=0x20) returned 0x20 [0106.566] GetACP () returned 0x4e4 [0106.566] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f8c8 | out: lpCPInfo=0x19f8c8) returned 1 [0106.566] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8ac528, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0106.570] HeapFree (in: hHeap=0x590000, dwFlags=0x0, lpMem=0x5905b8 | out: hHeap=0x590000) returned 1 [0106.570] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77990000 [0106.570] GetProcAddress (hModule=0x77990000, lpProcName="IsProcessorFeaturePresent") returned 0x779b0ad0 [0106.570] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0106.570] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x8, Size=0x800) returned 0x591068 [0106.570] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x170 [0106.571] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x174 [0106.571] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0106.571] GetModuleFileNameA (in: hModule=0x7a0000, lpFilename=0x8ae6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0106.571] GetVersion () returned 0x23f00206 [0106.571] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0106.609] GetUserDefaultLCID () returned 0x409 [0106.609] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0106.610] GetSystemMetrics (nIndex=5) returned 1 [0106.610] GetSystemMetrics (nIndex=6) returned 1 [0106.610] GetSystemMetrics (nIndex=11) returned 32 [0106.610] GetSystemMetrics (nIndex=12) returned 32 [0106.610] GetSystemMetrics (nIndex=34) returned 136 [0106.610] GetSystemMetrics (nIndex=35) returned 39 [0106.610] GetSystemMetrics (nIndex=0) returned 1440 [0106.610] GetSystemMetrics (nIndex=1) returned 900 [0106.610] GetSystemMetrics (nIndex=32) returned 8 [0106.610] GetSystemMetrics (nIndex=33) returned 8 [0106.610] GetSystemMetrics (nIndex=42) returned 0 [0106.610] GetStockObject (i=15) returned 0x88000b [0106.610] GetStockObject (i=7) returned 0xb00017 [0106.610] GetStockObject (i=6) returned 0xb00018 [0106.611] GetStockObject (i=8) returned 0xb00016 [0106.611] GetStockObject (i=4) returned 0x900011 [0106.611] GetStockObject (i=2) returned 0x900012 [0106.611] GetStockObject (i=0) returned 0x900010 [0106.611] GetStockObject (i=5) returned 0x900015 [0106.611] GetStockObject (i=13) returned 0x58a00b4 [0106.611] GetDC (hWnd=0x0) returned 0x3b010920 [0106.611] GetTextExtentPointA (in: hdc=0x3b010920, lpString="0", c=1, lpsz=0x19f8c4 | out: lpsz=0x19f8c4) returned 1 [0106.615] GetDeviceCaps (hdc=0x3b010920, index=14) returned 1 [0106.615] GetDeviceCaps (hdc=0x3b010920, index=12) returned 32 [0106.615] GetDeviceCaps (hdc=0x3b010920, index=88) returned 96 [0106.616] GetDeviceCaps (hdc=0x3b010920, index=90) returned 96 [0106.616] GetDeviceCaps (hdc=0x3b010920, index=38) returned 32409 [0106.616] ReleaseDC (hWnd=0x0, hDC=0x3b010920) returned 1 [0106.616] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0x2150000 [0106.616] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x8ae7d0 | out: ppMalloc=0x8ae7d0*=0x7627fec4) returned 0x0 [0106.617] GetCurrentThreadId () returned 0x177c [0106.617] GetStartupInfoA (in: lpStartupInfo=0x19ff08 | out: lpStartupInfo=0x19ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0106.617] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x104) returned 0x21505b8 [0106.618] GetCurrentThreadId () returned 0x177c [0106.618] GetCurrentThreadId () returned 0x177c [0106.618] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xec8) returned 0x21506c8 [0106.832] GetCommandLineA () returned="\"C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe\" " [0106.832] lstrlenA (lpString="") returned 0 [0106.832] lstrcpyA (in: lpString1=0x19fe94, lpString2="" | out: lpString1="") returned="" [0106.832] SetErrorMode (uMode=0x8001) returned 0x0 [0106.832] GetModuleFileNameA (in: hModule=0x7a0000, lpFilename=0x19fb50, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0106.832] GetUserDefaultLCID () returned 0x409 [0106.832] GetUserDefaultLCID () returned 0x409 [0106.832] LoadStringA (in: hInstance=0x7a0000, uID=0x7d1, lpBuffer=0x19fc54, cchBufferMax=8 | out: lpBuffer="409") returned 0x3 [0106.832] GetSystemDefaultLCID () returned 0x409 [0106.833] GetUserDefaultLCID () returned 0x409 [0106.833] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x19fc5e, cchData=2 | out: lpLCData=".") returned 2 [0106.833] GetStockObject (i=13) returned 0x58a00b4 [0106.833] GetObjectA (in: h=0x58a00b4, c=60, pv=0x19fc24 | out: pv=0x19fc24) returned 60 [0106.833] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x19fc20, cchData=4 | out: lpLCData="ENU") returned 4 [0106.833] lstrcpyA (in: lpString1=0x19fc50, lpString2="EN" | out: lpString1="EN") returned="EN" [0106.833] lstrlenA (lpString="{xx}") returned 4 [0106.833] lstrlenA (lpString="VB98.CHM") returned 8 [0106.833] lstrcpyA (in: lpString1=0x8aeae8, lpString2="VB98.CHM" | out: lpString1="VB98.CHM") returned="VB98.CHM" [0106.833] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x19fc20, cchData=4 | out: lpLCData="ENU") returned 4 [0106.833] lstrcpyA (in: lpString1=0x19fc50, lpString2="EN" | out: lpString1="EN") returned="EN" [0106.833] lstrlenA (lpString="{xx}") returned 4 [0106.833] lstrlenA (lpString="VBENLR98.CHM") returned 12 [0106.833] lstrcpyA (in: lpString1=0x8aebf0, lpString2="VBENLR98.CHM" | out: lpString1="VBENLR98.CHM") returned="VBENLR98.CHM" [0106.833] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19fd78, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0106.833] GetModuleFileNameA (in: hModule=0x7a0000, lpFilename=0x19fc74, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0106.834] lstrcpynA (in: lpString1=0x19fb58, lpString2="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL", iMaxLength=260 | out: lpString1="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" [0106.834] lstrlenA (lpString="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned 32 [0106.834] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x21) returned 0x2151598 [0106.834] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x21) returned 0x21515c8 [0106.834] lstrcpyA (in: lpString1=0x2151598, lpString2="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" | out: lpString1="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" [0106.834] LCMapStringA (in: Locale=0x409, dwMapFlags=0x200, lpSrcStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchSrc=-1, lpDestStr=0x19fb38, cchDest=260 | out: lpDestStr="C:\\USERS\\OQXZRAYKM\\DESKTOP\\KAWAII-UNICORN.EXE") returned 46 [0106.836] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x19fc3c, dwRevision=0x1 | out: pSecurityDescriptor=0x19fc3c) returned 1 [0106.836] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x19fc3c, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x19fc3c) returned 1 [0106.836] CreateSemaphoreA (lpSemaphoreAttributes=0x19fc50, lInitialCount=0, lMaximumCount=2147483647, lpName="C:?USERS?OQXZRAYKM?DESKTOP?KAWAII-UNICORN.EXE") returned 0x17c [0106.836] GetLastError () returned 0x0 [0106.836] GetVersionExA (in: lpVersionInformation=0x19fbb4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fbb4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0106.837] OleInitialize (pvReserved=0x0) returned 0x0 [0106.931] OaBuildVersion () returned 0x321396 [0106.931] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x76890000 [0106.932] GetLastError () returned 0x0 [0106.932] GetProcAddress (hModule=0x76890000, lpProcName="OleLoadPictureEx") returned 0x76901420 [0106.932] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc150 [0106.932] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc06e [0106.932] GetClassInfoA (in: hInstance=0x7a0000, lpClassName="VBFocusRT6", lpWndClass=0x19fc1c | out: lpWndClass=0x19fc1c) returned 0 [0106.932] RegisterClassA (lpWndClass=0x19fc1c) returned 0xc1cd [0106.933] GetClassInfoA (in: hInstance=0x7a0000, lpClassName="VBBubbleRT6", lpWndClass=0x19fc1c | out: lpWndClass=0x19fc1c) returned 0 [0106.933] RegisterClassA (lpWndClass=0x19fc1c) returned 0xc1cb [0106.933] HeapCreate (flOptions=0x0, dwInitialSize=0x400, dwMaximumSize=0x0) returned 0x2ac0000 [0106.934] GetUserDefaultLCID () returned 0x409 [0106.934] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x3a4) returned 0x21515f8 [0106.934] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x3a4) returned 0x21519a8 [0106.934] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xd4) returned 0x2151d58 [0106.934] GetSystemInfo (in: lpSystemInfo=0x19fbdc | out: lpSystemInfo=0x19fbdc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0106.934] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x20b0000 [0106.934] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0106.935] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0106.937] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0106.938] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0106.938] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0106.938] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0106.939] VirtualProtect (in: lpAddress=0x20b0000, dwSize=0x6000, flNewProtect=0x20, lpflOldProtect=0x19fc38 | out: lpflOldProtect=0x19fc38*=0x4) returned 1 [0107.004] GetCurrentProcess () returned 0xffffffff [0107.004] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x20b0000, dwSize=0x6000) returned 1 [0107.004] GlobalAddAtomA (lpString="VBDisabled") returned 0xc0bf [0107.005] GetVersion () returned 0x23f00206 [0107.005] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76890000 [0107.005] GetProcAddress (hModule=0x76890000, lpProcName="DispCallFunc") returned 0x768cc800 [0107.005] GetProcAddress (hModule=0x76890000, lpProcName="LoadTypeLibEx") returned 0x768b0c50 [0107.005] GetProcAddress (hModule=0x76890000, lpProcName="UnRegisterTypeLib") returned 0x768e5c70 [0107.005] GetProcAddress (hModule=0x76890000, lpProcName="CreateTypeLib2") returned 0x768c4e70 [0107.005] GetProcAddress (hModule=0x76890000, lpProcName="VarDateFromUdate") returned 0x768c07b0 [0107.005] GetProcAddress (hModule=0x76890000, lpProcName="VarUdateFromDate") returned 0x768a6e60 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="GetAltMonthNames") returned 0x768fc880 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarNumFromParseNum") returned 0x768a75e0 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarParseNumFromStr") returned 0x768aed30 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromR4") returned 0x76901ff0 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromR8") returned 0x76902250 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromDate") returned 0x76901e50 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromI4") returned 0x76901f40 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromCy") returned 0x76901e10 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="VarR4FromDec") returned 0x76902870 [0107.006] GetProcAddress (hModule=0x76890000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x76900a10 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="GetRecordInfoFromGuids") returned 0x76900920 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayGetRecordInfo") returned 0x76901730 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArraySetRecordInfo") returned 0x76901780 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayGetIID") returned 0x769016f0 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArraySetIID") returned 0x768c0e80 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayCopyData") returned 0x768aa340 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x768aa5b0 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayCreateEx") returned 0x769015d0 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="VarFormat") returned 0x76904d40 [0107.007] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatDateTime") returned 0x76904eb0 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatNumber") returned 0x76906cd0 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatPercent") returned 0x76906d80 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatCurrency") returned 0x76904e00 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarWeekdayName") returned 0x769070d0 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarMonthName") returned 0x76906e20 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarAdd") returned 0x768ce420 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarAnd") returned 0x768c0a60 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarCat") returned 0x768c0460 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarDiv") returned 0x768f7350 [0107.008] GetProcAddress (hModule=0x76890000, lpProcName="VarEqv") returned 0x768f7cb0 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarIdiv") returned 0x768f7cf0 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarImp") returned 0x768f7e70 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarMod") returned 0x768f7f50 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarMul") returned 0x768cece0 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarOr") returned 0x768f8160 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarPow") returned 0x768f7990 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarSub") returned 0x768cf5b0 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarXor") returned 0x768f8300 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarAbs") returned 0x768f67f0 [0107.009] GetProcAddress (hModule=0x76890000, lpProcName="VarFix") returned 0x768f6aa0 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarInt") returned 0x768f6c50 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarNeg") returned 0x768f6e10 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarNot") returned 0x768f80b0 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarRound") returned 0x768f7040 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarCmp") returned 0x768a4ae0 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarDecAdd") returned 0x768cbfa0 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarDecCmp") returned 0x768cc780 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarBstrCat") returned 0x768a6870 [0107.010] GetProcAddress (hModule=0x76890000, lpProcName="VarCyMulI4") returned 0x768cb9d0 [0107.011] GetProcAddress (hModule=0x76890000, lpProcName="VarBstrCmp") returned 0x768a5040 [0107.011] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76340000 [0107.011] GetProcAddress (hModule=0x76340000, lpProcName="CoCreateInstanceEx") returned 0x761641d0 [0107.011] GetProcAddress (hModule=0x76340000, lpProcName="CLSIDFromProgIDEx") returned 0x761748e0 [0107.011] GetSystemMetrics (nIndex=42) returned 0 [0107.011] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x8ae688 | out: ppMalloc=0x8ae688*=0x7627fec4) returned 0x0 [0107.012] IMalloc:Alloc (This=0x7627fec4, cb=0x4) returned 0x5b5a28 [0107.012] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f950, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0107.012] lstrcatA (in: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpString2=".cfg" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe.cfg") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe.cfg" [0107.012] SetLastError (dwErrCode=0x0) [0107.012] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe.cfg", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x19f84c, lpFilePart=0x19f820 | out: lpBuffer="hù\x19", lpFilePart=0x19f820*="\x8bÿU\x8bì\x83ì\x18SVW\x8b}\x0cÆEÿ") returned 0x0 [0107.012] SetLastError (dwErrCode=0x2) [0107.012] GetLastError () returned 0x2 [0107.012] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="MTX") returned -1 [0107.012] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="DLLHOST") returned 1 [0107.012] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="INETINFO") returned 1 [0107.013] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="W3WP") returned -1 [0107.013] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="ASPNET_WP") returned 1 [0107.013] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="DLLHST3G") returned 1 [0107.013] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f944, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0107.013] lstrcmpiA (lpString1="Kawaii-Unicorn", lpString2="IEXPLORE") returned 1 [0107.013] LoadLibraryA (lpLibFileName="SXS.DLL") returned 0x717c0000 [0107.022] GetLastError () returned 0x0 [0107.022] GetProcAddress (hModule=0x717c0000, lpProcName="SxsOleAut32MapIIDOrCLSIDToTypeLibrary") returned 0x7182a250 [0107.022] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x19fe90, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0107.023] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x1c) returned 0x2151e38 [0107.023] CoRegisterMessageFilter (in: lpMessageFilter=0x2151e3c, lplpMessageFilter=0x2151e44 | out: lplpMessageFilter=0x2151e44*=0x0) returned 0x0 [0107.023] IUnknown:AddRef (This=0x2151e3c) returned 0x2 [0107.024] GetClassInfoExA (in: hInstance=0x7a0000, lpszClass="ThunderRT6Main", lpwcx=0x19fe60 | out: lpwcx=0x19fe60) returned 0 [0107.024] LoadIconA (hInstance=0x400000, lpIconName=0x1) returned 0x22035f [0107.030] GetModuleHandleA (lpModuleName="USER32") returned 0x77be0000 [0107.030] GetProcAddress (hModule=0x77be0000, lpProcName="GetSystemMetrics") returned 0x77c11aa0 [0107.031] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromWindow") returned 0x77c15fb0 [0107.031] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromRect") returned 0x77c06270 [0107.031] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromPoint") returned 0x77c0db10 [0107.031] GetProcAddress (hModule=0x77be0000, lpProcName="EnumDisplayMonitors") returned 0x77c1e260 [0107.031] GetProcAddress (hModule=0x77be0000, lpProcName="GetMonitorInfoA") returned 0x77c016a0 [0107.031] GetSystemMetrics (nIndex=0) returned 1440 [0107.031] GetSystemMetrics (nIndex=78) returned 1440 [0107.031] GetSystemMetrics (nIndex=1) returned 900 [0107.031] GetSystemMetrics (nIndex=79) returned 900 [0107.031] GetSystemMetrics (nIndex=50) returned 16 [0107.031] GetSystemMetrics (nIndex=49) returned 16 [0107.031] LoadImageA (hInst=0x400000, name=0x1, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x4037b [0107.033] RegisterClassExA (param_1=0x19fe60) returned 0xc1dc [0107.033] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderRT6Main", lpWindowName=0x0, dwStyle=0x80090000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7a0000, lpParam=0x0) returned 0x3037a [0107.044] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x81, wParam=0x0, lParam=0x19f9d8) returned 0x1 [0107.056] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x0, lParam=0x19f9c4) returned 0x0 [0107.056] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x1, wParam=0x0, lParam=0x19f9d8) returned 0x0 [0107.057] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0107.057] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0107.057] MonitorFromWindow (hwnd=0x3037a, dwFlags=0x2) returned 0x10001 [0107.057] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19fe68 | out: lpmi=0x19fe68) returned 1 [0107.058] SetWindowPos (hWnd=0x3037a, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0107.058] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fe0c) returned 0x0 [0107.059] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fe0c) returned 0x0 [0107.059] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x3, wParam=0x0, lParam=0x1c202d0) returned 0x0 [0107.059] ShowWindow (hWnd=0x3037a, nCmdShow=4) returned 0 [0107.059] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0107.059] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fe1c) returned 0x0 [0107.067] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fe1c) returned 0x0 [0107.067] GetWindowThreadProcessId (in: hWnd=0x3037a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x177c [0107.067] VirtualQuery (in: lpAddress=0x19fe90, lpBuffer=0x19fe74, dwLength=0x1c | out: lpBuffer=0x19fe74*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0107.067] GetUserDefaultLCID () returned 0x409 [0107.067] IsValidCodePage (CodePage=0x3a4) returned 1 [0107.068] IsValidCodePage (CodePage=0x3b5) returned 1 [0107.068] IsValidCodePage (CodePage=0x3b6) returned 1 [0107.068] IsValidCodePage (CodePage=0x3a8) returned 1 [0107.071] GetUserDefaultLangID () returned 0x409 [0107.071] GetSystemDefaultLangID () returned 0x5b0409 [0107.071] GetSystemMetrics (nIndex=42) returned 0 [0107.071] IMalloc:Alloc (This=0x7627fec4, cb=0xa8) returned 0x5b19f8 [0107.071] IMalloc:GetSize (This=0x7627fec4, pv=0x5b19f8) returned 0xa8 [0107.071] IMalloc:Alloc (This=0x7627fec4, cb=0xc) returned 0x5c4b78 [0107.072] GetCurrentThreadId () returned 0x177c [0107.072] IMalloc:Alloc (This=0x7627fec4, cb=0x3c) returned 0x5b6d48 [0107.072] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x5b9ae0 [0107.072] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x19fe5c | out: phkResult=0x19fe5c*=0x0) returned 0x2 [0107.072] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x5b9b80 [0107.072] GetCurrentThreadId () returned 0x177c [0107.072] SetWindowsHookExA (idHook=-1, lpfn=0x801e09, hmod=0x0, dwThreadId=0x177c) returned 0x90333 [0107.073] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x14) returned 0x2151e60 [0107.073] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x80) returned 0x2151e80 [0107.073] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x10) returned 0x2151f08 [0107.073] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x2c) returned 0x2151f20 [0107.073] GetClassInfoA (in: hInstance=0x7a0000, lpClassName="VBMsoStdCompMgr", lpWndClass=0x19fdb4 | out: lpWndClass=0x19fdb4) returned 0 [0107.073] RegisterClassA (lpWndClass=0x19fdb4) returned 0xc1de [0107.073] CreateWindowExA (dwExStyle=0x0, lpClassName="VBMsoStdCompMgr", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x7a0000, lpParam=0x0) returned 0x40372 [0107.074] NtdllDefWindowProc_A (hWnd=0x40372, Msg=0x81, wParam=0x0, lParam=0x19f988) returned 0x1 [0107.074] NtdllDefWindowProc_A (hWnd=0x40372, Msg=0x83, wParam=0x0, lParam=0x19f974) returned 0x0 [0107.074] NtdllDefWindowProc_A (hWnd=0x40372, Msg=0x1, wParam=0x0, lParam=0x19f988) returned 0x0 [0107.075] NtdllDefWindowProc_A (hWnd=0x40372, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0107.075] NtdllDefWindowProc_A (hWnd=0x40372, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0107.081] SetWindowLongA (hWnd=0x40372, nIndex=0, dwNewLong=34938500) returned 0 [0107.081] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x38) returned 0x2151f58 [0107.081] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x18) returned 0x2151f98 [0107.081] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x10) returned 0x2151fb8 [0107.081] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0107.081] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0107.081] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0107.081] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0107.081] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0107.081] RegisterClipboardFormatA (lpszFormat="OwnerLink") returned 0xc003 [0107.081] RegisterClipboardFormatA (lpszFormat="FileName") returned 0xc006 [0107.081] CreateCompatibleDC (hdc=0x0) returned 0x5a010690 [0107.081] GetCurrentObject (hdc=0x5a010690, type=0x7) returned 0x85000f [0107.081] CreateWindowExA (dwExStyle=0x0, lpClassName="VBFocusRT6", lpWindowName=0x0, dwStyle=0x40000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x3037a, hMenu=0x0, hInstance=0x7a0000, lpParam=0x0) returned 0x3036e [0107.082] NtdllDefWindowProc_A (hWnd=0x3036e, Msg=0x81, wParam=0x0, lParam=0x19fa18) returned 0x1 [0107.083] NtdllDefWindowProc_A (hWnd=0x3036e, Msg=0x83, wParam=0x0, lParam=0x19fa04) returned 0x0 [0107.083] NtdllDefWindowProc_A (hWnd=0x3036e, Msg=0x1, wParam=0x0, lParam=0x19fa18) returned 0x0 [0107.084] NtdllDefWindowProc_A (hWnd=0x3036e, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0107.084] NtdllDefWindowProc_A (hWnd=0x3036e, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0107.084] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x210, wParam=0x1, lParam=0x3036e) returned 0x0 [0107.084] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x18) returned 0x2151fd0 [0107.084] RtlAllocateHeap (HeapHandle=0x2ac0000, Flags=0x8, Size=0x114) returned 0x2ac05b8 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x5c) returned 0x2151ff0 [0107.085] GetCurrentThreadId () returned 0x177c [0107.085] GetCurrentThreadId () returned 0x177c [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x10) returned 0x2152058 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x30) returned 0x2152070 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x434) returned 0x21520a8 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x434) returned 0x21524e8 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x3c) returned 0x2152928 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2152970 [0107.085] lstrlenA (lpString="VB") returned 2 [0107.085] lstrlenA (lpString="Label") returned 5 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x9) returned 0x2152a90 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x34) returned 0x2152aa8 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xf0) returned 0x2152ae8 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x48) returned 0x2152be0 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1f4) returned 0x2152c30 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x28) returned 0x2152e30 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2152e60 [0107.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x28) returned 0x2152e80 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2152eb0 [0107.086] lstrlenA (lpString="VB") returned 2 [0107.086] lstrlenA (lpString="TextBox") returned 7 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xb) returned 0x2152fd0 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x38) returned 0x2152fe8 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x120) returned 0x2153028 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x60) returned 0x2153150 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x250) returned 0x21531b8 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2153410 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2153430 [0107.086] lstrlenA (lpString="VB") returned 2 [0107.086] lstrlenA (lpString="Timer") returned 5 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x9) returned 0x2153550 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xc) returned 0x2153568 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x30) returned 0x2153580 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x4) returned 0x21535b8 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x9c) returned 0x21535c8 [0107.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2153670 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2153690 [0107.087] lstrlenA (lpString="VB") returned 2 [0107.087] lstrlenA (lpString="Printer") returned 7 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xb) returned 0x21537b0 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xdc) returned 0x21537c8 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x21538b0 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x21538d0 [0107.087] lstrlenA (lpString="VB") returned 2 [0107.087] lstrlenA (lpString="Form") returned 4 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x8) returned 0x21539f0 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x184) returned 0x2153a00 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x7c) returned 0x2153b90 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2f8) returned 0x2153c18 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2153f18 [0107.087] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2153f38 [0107.088] lstrlenA (lpString="VB") returned 2 [0107.088] lstrlenA (lpString="Screen") returned 6 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xa) returned 0x2154058 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x2c) returned 0x2154070 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xa0) returned 0x21540a8 [0107.088] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x2152e30, Size=0x50) returned 0x2154150 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2152e30 [0107.088] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x2152e80, Size=0x50) returned 0x21541a8 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2154200 [0107.088] lstrlenA (lpString="VB") returned 2 [0107.088] lstrlenA (lpString="Clipboard") returned 9 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xd) returned 0x2152e80 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x1c) returned 0x2154320 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x68) returned 0x2154348 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x21543b8 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x21543d8 [0107.088] lstrlenA (lpString="VB") returned 2 [0107.088] lstrlenA (lpString="MDIForm") returned 7 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xb) returned 0x2152e98 [0107.088] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x184) returned 0x21544f8 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x7c) returned 0x2154688 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2f8) returned 0x2154710 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2154a10 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2154a30 [0107.089] lstrlenA (lpString="VB") returned 2 [0107.089] lstrlenA (lpString="App") returned 3 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x7) returned 0x2152e50 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x84) returned 0x2154b50 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x148) returned 0x2154be0 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2154d30 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2154d50 [0107.089] lstrlenA (lpString="VB") returned 2 [0107.089] lstrlenA (lpString="UserControl") returned 11 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x2154e70 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x1e4) returned 0x2154e88 [0107.089] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xb0) returned 0x2155078 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x3a4) returned 0x2155130 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x21554e0 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2155500 [0107.090] lstrlenA (lpString="VB") returned 2 [0107.090] lstrlenA (lpString="PropertyPage") returned 12 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x10) returned 0x2155620 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x190) returned 0x2155638 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x88) returned 0x21557d0 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x310) returned 0x2155860 [0107.090] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x2154150, Size=0x78) returned 0x2155b78 [0107.090] lstrcmpiA (lpString1="VB.MDIForm", lpString2="VB.PropertyPage") returned -1 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2154150 [0107.090] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x21541a8, Size=0x78) returned 0x2155bf8 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2155c78 [0107.090] lstrlenA (lpString="VB") returned 2 [0107.090] lstrlenA (lpString="UserDocument") returned 12 [0107.090] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x10) returned 0x2154170 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x1c8) returned 0x2155d98 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xa8) returned 0x2155f68 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x370) returned 0x2156018 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2154188 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x20) returned 0x21541a8 [0107.091] RtlAllocateHeap (HeapHandle=0x2ac0000, Flags=0x8, Size=0x30) returned 0x2ac06d8 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xa0) returned 0x2156390 [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x21541d0 [0107.091] GetCurrentThreadId () returned 0x177c [0107.091] GetCurrentThreadId () returned 0x177c [0107.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x10) returned 0x2156438 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2156450 [0107.092] lstrlenA (lpString="VB") returned 2 [0107.092] lstrlenA (lpString="PictureBox") returned 10 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xe) returned 0x2156570 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x16c) returned 0x2156588 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x68) returned 0x2156700 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c8) returned 0x2156770 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2156a40 [0107.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2156a60 [0107.092] lstrlenA (lpString="VB") returned 2 [0107.093] lstrlenA (lpString="Frame") returned 5 [0107.093] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x9) returned 0x2156b80 [0107.093] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x24) returned 0x21504b0 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xb0) returned 0x21504e0 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x34) returned 0x2159ac8 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x184) returned 0x2159b08 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2150598 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x2159c98 [0107.094] lstrlenA (lpString="VB") returned 2 [0107.094] lstrlenA (lpString="CommandButton") returned 13 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x11) returned 0x2159ea0 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215a5c0 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xd4) returned 0x215a5f0 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x44) returned 0x215a6d0 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1c8) returned 0x215a720 [0107.094] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159fc0 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215a8f0 [0107.095] lstrlenA (lpString="VB") returned 2 [0107.095] lstrlenA (lpString="CheckBox") returned 8 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xc) returned 0x215aa10 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215aa28 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xec) returned 0x215aa58 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x48) returned 0x215ab50 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1f8) returned 0x215aba0 [0107.095] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x2155b78, Size=0xa0) returned 0x215ada0 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159e80 [0107.095] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x2155bf8, Size=0xa0) returned 0x215ae48 [0107.095] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215aef0 [0107.096] lstrlenA (lpString="VB") returned 2 [0107.096] lstrlenA (lpString="OptionButton") returned 12 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x10) returned 0x215b0f8 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x2155b78 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xd4) returned 0x215b218 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x4c) returned 0x2155ba8 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1c8) returned 0x215b2f8 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159ee0 [0107.096] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215bab8 [0107.097] lstrlenA (lpString="VB") returned 2 [0107.097] lstrlenA (lpString="ComboBox") returned 8 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xc) returned 0x215b200 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x108) returned 0x215c4d0 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x4c) returned 0x215c870 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x230) returned 0x215cde8 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159fe0 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215c1a8 [0107.097] lstrlenA (lpString="VB") returned 2 [0107.097] lstrlenA (lpString="ListBox") returned 7 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xb) returned 0x215b188 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x108) returned 0x215d020 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x54) returned 0x2155c00 [0107.097] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x230) returned 0x215d130 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a040 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215c2d0 [0107.098] lstrlenA (lpString="VB") returned 2 [0107.098] lstrlenA (lpString="HScrollBar") returned 10 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xe) returned 0x215b1a0 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x24) returned 0x215d368 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x90) returned 0x215d398 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215d430 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x144) returned 0x215d460 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a180 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215be30 [0107.098] lstrlenA (lpString="VB") returned 2 [0107.098] lstrlenA (lpString="VScrollBar") returned 10 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xe) returned 0x215b1b8 [0107.098] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x24) returned 0x215d5b0 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x90) returned 0x215d5e0 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215d678 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x144) returned 0x215d6a8 [0107.099] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x215ada0, Size=0xc8) returned 0x215d7f8 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159e20 [0107.099] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x215ae48, Size=0xc8) returned 0x215d8c8 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215b990 [0107.099] lstrlenA (lpString="VB") returned 2 [0107.099] lstrlenA (lpString="DriveListBox") returned 12 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x10) returned 0x215b1d0 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215ada0 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xc0) returned 0x215add0 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x40) returned 0x215ae98 [0107.099] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1a0) returned 0x215d998 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159f40 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215bd08 [0107.100] lstrlenA (lpString="VB") returned 2 [0107.100] lstrlenA (lpString="DirListBox") returned 10 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xe) returned 0x215b080 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215db40 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xc8) returned 0x215db70 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x50) returned 0x215c8c8 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b0) returned 0x215dc40 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159ec0 [0107.100] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215b740 [0107.100] lstrlenA (lpString="VB") returned 2 [0107.101] lstrlenA (lpString="FileListBox") returned 11 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b110 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x28) returned 0x215ddf8 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xec) returned 0x215de28 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x58) returned 0x215df20 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1f8) returned 0x215df80 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159f00 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215b868 [0107.101] lstrlenA (lpString="VB") returned 2 [0107.101] lstrlenA (lpString="Menu") returned 4 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x8) returned 0x215aee0 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x38) returned 0x215e180 [0107.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x4) returned 0x2155c60 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xb8) returned 0x215e1c0 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159e60 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215b618 [0107.102] lstrlenA (lpString="VB") returned 2 [0107.102] lstrlenA (lpString="Shape") returned 5 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x9) returned 0x215b0b0 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x1c) returned 0x215e280 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x68) returned 0x215e2a8 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xfc) returned 0x215e318 [0107.102] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x215d7f8, Size=0xf0) returned 0x215e420 [0107.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a000 [0107.103] RtlReAllocateHeap (Heap=0x2150000, Flags=0x0, Ptr=0x215d8c8, Size=0xf0) returned 0x215e518 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215b4f0 [0107.103] lstrlenA (lpString="VB") returned 2 [0107.103] lstrlenA (lpString="Line") returned 4 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x8) returned 0x215d7f8 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x18) returned 0x2159f60 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x50) returned 0x215c920 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xd0) returned 0x215d808 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159de0 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215bbe0 [0107.103] lstrlenA (lpString="VB") returned 2 [0107.103] lstrlenA (lpString="Image") returned 5 [0107.103] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x9) returned 0x215b140 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x24) returned 0x215d8e0 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x98) returned 0x215e610 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x34) returned 0x215d910 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x154) returned 0x215e6b0 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159f80 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215bf58 [0107.104] lstrlenA (lpString="VB") returned 2 [0107.104] lstrlenA (lpString="Data") returned 4 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x8) returned 0x215d950 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xd8) returned 0x215e810 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x3c) returned 0x215e8f0 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1d8) returned 0x215e938 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159f20 [0107.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x114) returned 0x215c080 [0107.104] lstrlenA (lpString="VB") returned 2 [0107.105] lstrlenA (lpString="OLE") returned 3 [0107.105] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x7) returned 0x215d960 [0107.105] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x17c) returned 0x215eb18 [0107.105] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x40) returned 0x215eca0 [0107.105] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2f0) returned 0x215ece8 [0107.105] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159e40 [0107.105] IMalloc:Alloc (This=0x7627fec4, cb=0x64) returned 0x5b07f0 [0107.105] IMalloc:Alloc (This=0x7627fec4, cb=0xc) returned 0x5c4d28 [0107.105] IMalloc:Alloc (This=0x7627fec4, cb=0x2c) returned 0x5b8a50 [0107.105] IMalloc:GetSize (This=0x7627fec4, pv=0x5b8a50) returned 0x2c [0107.105] IMalloc:Alloc (This=0x7627fec4, cb=0x20) returned 0x5b9cc0 [0107.105] GetCurrentThreadId () returned 0x177c [0107.105] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x54) returned 0x28f0048 [0107.106] GetCurrentThreadId () returned 0x177c [0107.106] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x5b9c98 [0107.106] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x104) returned 0x28f00a8 [0107.106] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x6f8) returned 0x28f01b8 [0107.106] VirtualProtect (in: lpAddress=0x20b0000, dwSize=0x6000, flNewProtect=0x4, lpflOldProtect=0x19fde0 | out: lpflOldProtect=0x19fde0*=0x20) returned 1 [0107.106] GetCurrentProcess () returned 0xffffffff [0107.107] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x20b0000, dwSize=0x6000) returned 1 [0107.107] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0107.125] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0107.126] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xd4) returned 0x28f08b8 [0107.126] VirtualAlloc (lpAddress=0x20b0000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0107.126] VirtualAlloc (lpAddress=0x20b0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x20b0000 [0107.126] VirtualProtect (in: lpAddress=0x20b0000, dwSize=0xa000, flNewProtect=0x20, lpflOldProtect=0x19fde0 | out: lpflOldProtect=0x19fde0*=0x4) returned 1 [0107.128] GetCurrentProcess () returned 0xffffffff [0107.128] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x20b0000, dwSize=0xa000) returned 1 [0107.128] GetCurrentThreadId () returned 0x177c [0107.128] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x23ec) returned 0x28f0998 [0107.140] GetCurrentThreadId () returned 0x177c [0107.140] SetWindowTextA (hWnd=0x3037a, lpString="Kawaii-Unicorn") returned 1 [0107.140] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0xc, wParam=0x0, lParam=0x19fd54) returned 0x1 [0107.141] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x19fd3c | out: phkResult=0x19fd3c*=0x0) returned 0x2 [0107.141] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0107.141] VirtualQuery (in: lpAddress=0x19f768, lpBuffer=0x19f74c, dwLength=0x1c | out: lpBuffer=0x19f74c*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0107.142] IMalloc:Alloc (This=0x7627fec4, cb=0x50) returned 0x5b0ce0 [0107.142] IMalloc:GetSize (This=0x7627fec4, pv=0x5b0ce0) returned 0x50 [0107.142] GetCurrentThreadId () returned 0x177c [0107.142] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x104) returned 0x28f2d90 [0107.142] GetCurrentThreadId () returned 0x177c [0107.142] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xc4) returned 0x28f2ea0 [0107.142] GetCurrentThreadId () returned 0x177c [0107.142] GetCurrentThreadId () returned 0x177c [0107.142] GetCurrentThreadId () returned 0x177c [0107.143] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x140) returned 0x28f2f70 [0107.143] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x10) returned 0x215b158 [0107.143] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x434) returned 0x28f30b8 [0107.143] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1ac [0107.143] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x198) returned 0x28f34f8 [0107.143] GetVersionExA (in: lpVersionInformation=0x19fa64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x19fabc, dwMinorVersion=0x28f2eb0, dwBuildNumber=0x2150000, dwPlatformId=0x3e6, szCSDVersion="^\x03") | out: lpVersionInformation=0x19fa64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0107.143] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0107.143] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x2159fa0 [0107.143] lstrlenA (lpString="vb6chs.dll") returned 10 [0107.143] lstrlenA (lpString="C:\\Windows\\SYSTEM32\\") returned 20 [0107.143] lstrcpyA (in: lpString1=0x19f9c8, lpString2="C:\\Windows\\SYSTEM32\\" | out: lpString1="C:\\Windows\\SYSTEM32\\") returned="C:\\Windows\\SYSTEM32\\" [0107.143] lstrcatA (in: lpString1="C:\\Windows\\SYSTEM32\\", lpString2="vb6chs.dll" | out: lpString1="C:\\Windows\\SYSTEM32\\vb6chs.dll") returned="C:\\Windows\\SYSTEM32\\vb6chs.dll" [0107.143] LoadLibraryA (lpLibFileName="C:\\Windows\\SYSTEM32\\vb6chs.dll") returned 0x0 [0107.144] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x14) returned 0x215a020 [0107.144] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x80) returned 0x28f3698 [0107.156] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3698 | out: hHeap=0x2150000) returned 1 [0107.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MS Sans Serif", cbMultiByte=-1, lpWideCharStr=0x19fa8c, cchWideChar=14 | out: lpWideCharStr="MS Sans Serif") returned 14 [0107.157] OleCreateFontIndirect () returned 0x0 [0107.207] CFont::SetRatio () returned 0x0 [0107.207] CFont::get_hFont () returned 0x0 [0107.211] CFont::Clone () returned 0x0 [0107.211] CFont::SetRatio () returned 0x0 [0107.211] lstrlenA (lpString="I'm Unicorn") returned 11 [0107.211] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xc) returned 0x215b128 [0107.211] OleTranslateColor () returned 0x0 [0107.213] OleLoadPictureEx () returned 0x0 [0108.042] CPicture::get_Type () returned 0x0 [0108.042] CPicture::QueryInterface () returned 0x0 [0108.042] CPicture::AddRef () returned 0x3 [0108.042] CPicture::Release () returned 0x2 [0108.042] CPicture::Release () returned 0x1 [0108.042] lstrlenA (lpString="Form1") returned 5 [0108.042] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x6) returned 0x215d970 [0108.042] lstrlenA (lpString="ThunderRT6") returned 10 [0108.042] lstrcpyA (in: lpString1=0x19faa0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.042] lstrlenA (lpString="ThunderRT6Form") returned 14 [0108.042] lstrcpynA (in: lpString1=0x19faae, lpString2="DC", iMaxLength=116 | out: lpString1="DC") returned="DC" [0108.042] lstrlenA (lpString="ThunderRT6") returned 10 [0108.042] lstrcpyA (in: lpString1=0x19fa34, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.042] GetClassInfoA (in: hInstance=0x7a0000, lpClassName="ThunderRT6Form", lpWndClass=0x19fa60 | out: lpWndClass=0x19fa60) returned 0 [0108.043] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0108.044] RegisterClassA (lpWndClass=0x19fa60) returned 0xc1cf [0108.044] lstrlenA (lpString="ThunderRT6") returned 10 [0108.044] lstrcpyA (in: lpString1=0x19fa34, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.044] lstrlenA (lpString="ThunderRT6Form") returned 14 [0108.044] lstrcpynA (in: lpString1=0x19fa42, lpString2="DC", iMaxLength=29 | out: lpString1="DC") returned="DC" [0108.044] RegisterClassA (lpWndClass=0x19fa60) returned 0xc1ec [0108.044] AdjustWindowRectEx (in: lpRect=0x19fb60, dwStyle=0x2000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19fb60) returned 1 [0108.044] CreateWindowExA (dwExStyle=0x0, lpClassName=0xc1ec, lpWindowName="I'm Unicorn", dwStyle=0x2000000, X=0, Y=0, nWidth=748, nHeight=681, hWndParent=0x3037a, hMenu=0x0, hInstance=0x7a0000, lpParam=0x0) returned 0x2036c [0108.175] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x81, wParam=0x0, lParam=0x19f618) returned 0x1 [0108.175] SetWindowLongA (hWnd=0x2036c, nIndex=-16, dwNewLong=33554432) returned 113246208 [0108.179] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x7c, wParam=0xfffffff0, lParam=0x19f1ec) returned 0x0 [0108.180] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x7d, wParam=0xfffffff0, lParam=0x19f1ec) returned 0x0 [0108.183] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x0, lParam=0x19f604) returned 0x0 [0108.183] GetSystemMenu (hWnd=0x2036c, bRevert=0) returned 0x0 [0108.184] SetWindowContextHelpId (param_1=0x2036c, param_2=0xffffffff) returned 1 [0108.184] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x1, wParam=0x0, lParam=0x19f618) returned 0x0 [0108.188] GetDC (hWnd=0x2036c) returned 0x75010900 [0108.188] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19fa4c | out: lptm=0x19fa4c) returned 1 [0108.189] SetBkMode (hdc=0x75010900, mode=1) returned 2 [0108.189] OleTranslateColor () returned 0x0 [0108.189] SetBkColor (hdc=0x75010900, color=0x0) returned 0xffffff [0108.189] OleTranslateColor () returned 0x0 [0108.189] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0108.189] OleTranslateColor () returned 0x0 [0108.189] CreatePen (iStyle=0, cWidth=1, color=0x0) returned 0x653008c6 [0108.189] SelectObject (hdc=0x75010900, h=0x653008c6) returned 0xb00017 [0108.189] SelectObject (hdc=0x75010900, h=0x900011) returned 0x900010 [0108.189] ClientToScreen (in: hWnd=0x2036c, lpPoint=0x19fa2c | out: lpPoint=0x19fa2c) returned 1 [0108.189] SetBrushOrgEx (in: hdc=0x75010900, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0108.189] UnrealizeObject (h=0x900015) returned 1 [0108.189] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900011 [0108.189] CFont::QueryInterface () returned 0x0 [0108.189] CFont::FindConnectionPoint () returned 0x0 [0108.189] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x14) returned 0x215a0c0 [0108.189] CNotifyCP::Advise () returned 0x0 [0108.189] CFont::get_hFont () returned 0x0 [0108.189] CFont::AddRefHfont () returned 0x0 [0108.189] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x58a00b4 [0108.189] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f840 | out: lptm=0x19f840) returned 1 [0108.189] CFontEventsCP::Release () returned 0x0 [0108.189] Release () returned 0x1 [0108.189] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xdc) returned 0x28f3698 [0108.190] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a060 [0108.190] lstrlenA (lpString="ThunderRT6") returned 10 [0108.190] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.190] lstrlenA (lpString="ThunderRT6") returned 10 [0108.190] lstrcpyA (in: lpString1=0x19fa04, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.190] GetClassInfoA (in: hInstance=0x7a0000, lpClassName="ThunderRT6Timer", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 0 [0108.190] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0108.190] RegisterClassA (lpWndClass=0x19fa30) returned 0xc1ed [0108.190] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ed, lpWindowName=0x0, dwStyle=0x44010000, X=656, Y=368, nWidth=0, nHeight=0, hWndParent=0x2036c, hMenu=0x1, hInstance=0x7a0000, lpParam=0x0) returned 0x501c4 [0108.191] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0108.191] NtdllDefWindowProc_A (hWnd=0x501c4, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0108.192] NtdllDefWindowProc_A (hWnd=0x501c4, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0108.192] NtdllDefWindowProc_A (hWnd=0x501c4, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x0 [0108.193] NtdllDefWindowProc_A (hWnd=0x501c4, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0108.193] NtdllDefWindowProc_A (hWnd=0x501c4, Msg=0x3, wParam=0x0, lParam=0x1700290) returned 0x0 [0108.193] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xf4) returned 0x28f3780 [0108.193] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a080 [0108.194] CFont::Clone () returned 0x0 [0108.194] CFont::SetRatio () returned 0x0 [0108.194] lstrlenA (lpString="0") returned 1 [0108.194] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x215d980 [0108.194] lstrlenA (lpString="ThunderRT6") returned 10 [0108.194] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.194] lstrlenA (lpString="ThunderRT6") returned 10 [0108.194] lstrcpyA (in: lpString1=0x19fa04, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.194] GetClassInfoA (in: hInstance=0x0, lpClassName="Edit", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 1 [0108.194] GetClassInfoA (in: hInstance=0x7a0000, lpClassName="ThunderRT6TextBox", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 0 [0108.194] RegisterClassA (lpWndClass=0x19fa30) returned 0xc1ee [0108.195] CreateWindowExA (dwExStyle=0x204, lpClassName=0xc1ee, lpWindowName="0", dwStyle=0x440100e0, X=64, Y=48, nWidth=41, nHeight=19, hWndParent=0x2036c, hMenu=0x2, hInstance=0x7a0000, lpParam=0x0) returned 0x80056 [0108.195] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0108.197] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0108.197] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0108.207] IsWindow (hWnd=0x80056) returned 1 [0108.207] IsWindow (hWnd=0x80056) returned 1 [0108.209] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xcc, wParam=0x0, lParam=0x0) returned 0x1 [0108.210] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x5, wParam=0x0, lParam=0xf0025) returned 0x0 [0108.210] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x3, wParam=0x0, lParam=0x320042) returned 0x0 [0108.210] CFont::QueryInterface () returned 0x0 [0108.210] CFont::FindConnectionPoint () returned 0x0 [0108.210] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x14) returned 0x215a0a0 [0108.210] CNotifyCP::Advise () returned 0x0 [0108.210] CFont::get_hFont () returned 0x0 [0108.210] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x30, wParam=0x1a0a06fb, lParam=0x0) returned 0x1 [0108.211] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd3, wParam=0xffff, lParam=0x0) returned 0x0 [0108.211] CFontEventsCP::Release () returned 0x0 [0108.211] Release () returned 0x1 [0108.211] ShowWindow (hWnd=0x80056, nCmdShow=5) returned 0 [0108.212] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0108.212] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xdc) returned 0x28f3880 [0108.212] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a0e0 [0108.212] lstrlenA (lpString="ThunderRT6") returned 10 [0108.212] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0108.212] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ed, lpWindowName=0x0, dwStyle=0x44010000, X=576, Y=136, nWidth=0, nHeight=0, hWndParent=0x2036c, hMenu=0x3, hInstance=0x7a0000, lpParam=0x0) returned 0x9003a [0108.213] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0108.213] NtdllDefWindowProc_A (hWnd=0x9003a, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0108.213] NtdllDefWindowProc_A (hWnd=0x9003a, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0108.214] NtdllDefWindowProc_A (hWnd=0x9003a, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x0 [0108.214] NtdllDefWindowProc_A (hWnd=0x9003a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0108.214] NtdllDefWindowProc_A (hWnd=0x9003a, Msg=0x3, wParam=0x0, lParam=0x880240) returned 0x0 [0108.214] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xdc) returned 0x28f3968 [0108.214] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a100 [0108.215] CFont::Clone () returned 0x0 [0108.215] CFont::SetRatio () returned 0x0 [0108.215] lstrlenA (lpString="Unicorn") returned 7 [0108.215] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x8) returned 0x28f3a50 [0108.215] CFont::QueryInterface () returned 0x0 [0108.215] CFont::Load () returned 0x0 [0108.215] Release () returned 0x1 [0108.215] CFont::QueryInterface () returned 0x0 [0108.215] CFont::FindConnectionPoint () returned 0x0 [0108.215] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x14) returned 0x215a120 [0108.215] CNotifyCP::Advise () returned 0x0 [0108.215] CFont::get_hFont () returned 0x0 [0108.219] CFontEventsCP::Release () returned 0x0 [0108.219] Release () returned 0x1 [0108.220] GetClientRect (in: hWnd=0x2036c, lpRect=0x19fbe0 | out: lpRect=0x19fbe0) returned 1 [0108.220] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19fbe0, cPoints=0x2 | out: lpPoints=0x19fbe0) returned 0 [0108.220] EqualRect (lprc1=0x19fbe0, lprc2=0x19fbc0) returned 1 [0108.220] SetEvent (hEvent=0x1ac) returned 1 [0108.220] CPicture::get_hPal () returned 0x0 [0108.220] CPicture::AddRef () returned 0x2 [0108.220] CPicture::get_Type () returned 0x0 [0108.220] CPicture::get_CurDC () returned 0x0 [0108.220] CPicture::AddRef () returned 0x3 [0108.220] CPicture::Release () returned 0x2 [0108.220] CPicture::get_Type () returned 0x0 [0108.220] CPicture::QueryInterface () returned 0x0 [0108.220] CPicture::FindConnectionPoint () returned 0x0 [0108.220] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x10) returned 0x215b038 [0108.220] CNotifyCP::Advise () returned 0x0 [0108.220] Release () returned 0x2 [0108.220] InvalidateRect (hWnd=0x2036c, lpRect=0x0, bErase=1) returned 1 [0108.220] UpdateWindow (hWnd=0x2036c) returned 1 [0108.220] CPicture::Release () returned 0x1 [0108.220] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc5, wParam=0x0, lParam=0x0) returned 0x1 [0108.220] GetFocus () returned 0x0 [0108.220] IsIconic (hWnd=0x2036c) returned 0 [0108.220] IsZoomed (hWnd=0x2036c) returned 0 [0108.220] GetClientRect (in: hWnd=0x2036c, lpRect=0x19fbd4 | out: lpRect=0x19fbd4) returned 1 [0108.220] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0108.221] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0108.221] GetParent (hWnd=0x501c4) returned 0x2036c [0108.221] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0108.221] GetParent (hWnd=0x80056) returned 0x2036c [0108.221] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0108.221] GetParent (hWnd=0x9003a) returned 0x2036c [0108.221] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f930 | out: lpRect=0x19f930) returned 1 [0108.221] OleTranslateColor () returned 0x0 [0108.221] OleTranslateColor () returned 0x0 [0108.221] OleTranslateColor () returned 0x0 [0108.221] OleTranslateColor () returned 0x0 [0108.221] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0108.221] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0108.221] CPicture::get_Type () returned 0x0 [0108.221] CPicture::get_Type () returned 0x0 [0108.221] CPicture::get_Width () returned 0x0 [0108.221] CPicture::get_Height () returned 0x0 [0108.221] CPicture::get_Attributes () returned 0x0 [0108.221] CPicture::Render () returned 0x0 [0108.224] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0108.224] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0108.224] GetClipBox (in: hdc=0x75010900, lprect=0x19f950 | out: lprect=0x19f950) returned 1 [0108.224] OleTranslateColor () returned 0x0 [0108.224] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0108.224] SetErrorMode (uMode=0x8001) returned 0x8001 [0108.225] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0108.225] SetErrorMode (uMode=0x8001) returned 0x8001 [0108.225] GetProcAddress (hModule=0x77be0000, lpProcName="GetWindowLongA") returned 0x77c11db0 [0108.225] GetWindowLongA (hWnd=0x2036c, nIndex=-20) returned 0 [0108.225] GetLastError () returned 0x0 [0108.225] SetErrorMode (uMode=0x8001) returned 0x8001 [0108.225] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0108.225] SetErrorMode (uMode=0x8001) returned 0x8001 [0108.225] GetProcAddress (hModule=0x77be0000, lpProcName="SetWindowLongA") returned 0x77c051b0 [0108.225] SetWindowLongA (hWnd=0x2036c, nIndex=-20, dwNewLong=524288) returned 0 [0108.226] GetCapture () returned 0x0 [0108.226] GetCapture () returned 0x0 [0108.226] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x7c, wParam=0xffffffec, lParam=0x19f9fc) returned 0x0 [0108.227] GetCapture () returned 0x0 [0108.227] GetCapture () returned 0x0 [0108.227] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x7d, wParam=0xffffffec, lParam=0x19f9fc) returned 0x0 [0108.228] GetLastError () returned 0x0 [0108.228] SetErrorMode (uMode=0x8001) returned 0x8001 [0108.228] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0108.228] SetErrorMode (uMode=0x8001) returned 0x8001 [0108.228] GetProcAddress (hModule=0x77be0000, lpProcName="SetLayeredWindowAttributes") returned 0x77c1f010 [0108.228] SetLayeredWindowAttributes (hwnd=0x2036c, crKey=0xff78ff, bAlpha=0x32, dwFlags=0x2) returned 1 [0108.230] GetLastError () returned 0x0 [0108.230] GetCurrentThreadId () returned 0x177c [0108.230] GetWindow (hWnd=0x2036c, uCmd=0x4) returned 0x3037a [0108.230] IsIconic (hWnd=0x3037a) returned 0 [0108.230] MonitorFromWindow (hwnd=0x2036c, dwFlags=0x2) returned 0x10001 [0108.230] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19fb28 | out: lpmi=0x19fb28) returned 1 [0108.230] GetWindowRect (in: hWnd=0x3037a, lpRect=0x19fb50 | out: lpRect=0x19fb50) returned 1 [0108.230] SetWindowPos (hWnd=0x2036c, hWndInsertAfter=0x0, X=346, Y=110, cx=0, cy=0, uFlags=0x15) returned 1 [0108.230] GetCapture () returned 0x0 [0108.231] GetCapture () returned 0x0 [0108.231] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fad4) returned 0x0 [0108.232] GetCapture () returned 0x0 [0108.232] GetCapture () returned 0x0 [0108.232] GetParent (hWnd=0x2036c) returned 0x0 [0108.232] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f680 | out: lpRect=0x19f680) returned 1 [0108.232] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fad4) returned 0x0 [0108.232] GetCapture () returned 0x0 [0108.232] GetCapture () returned 0x0 [0108.232] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x3, wParam=0x0, lParam=0x6e015a) returned 0x0 [0108.232] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 100663296 [0108.232] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f6f0 | out: lpRect=0x19f6f0) returned 1 [0108.232] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f6f0, cPoints=0x2 | out: lpPoints=0x19f6f0) returned 7209306 [0108.235] ShowWindow (hWnd=0x2036c, nCmdShow=1) returned 0 [0108.236] GetCapture () returned 0x0 [0108.236] GetCapture () returned 0x0 [0108.236] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0108.236] GetCapture () returned 0x0 [0108.236] GetCapture () returned 0x0 [0108.236] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0108.236] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0108.239] GetCapture () returned 0x0 [0108.239] GetCapture () returned 0x0 [0108.239] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0108.239] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0108.239] GetWindowLongA (hWnd=0x40372, nIndex=0) returned 34938500 [0108.239] GetCapture () returned 0x0 [0108.240] GetCapture () returned 0x0 [0108.240] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0108.240] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0108.240] GetCapture () returned 0x0 [0108.240] GetCapture () returned 0x0 [0108.240] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0108.240] GetCapture () returned 0x0 [0108.241] GetCapture () returned 0x0 [0108.241] IsIconic (hWnd=0x2036c) returned 0 [0108.241] GetFocus () returned 0x0 [0108.241] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0108.241] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0108.241] IsWindowVisible (hWnd=0x80056) returned 1 [0108.241] IsWindowEnabled (hWnd=0x80056) returned 1 [0108.241] GetParent (hWnd=0x80056) returned 0x2036c [0108.241] IsWindowEnabled (hWnd=0x2036c) returned 1 [0108.241] GetParent (hWnd=0x2036c) returned 0x0 [0108.241] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0108.241] GetFocus () returned 0x0 [0108.241] IsWindowEnabled (hWnd=0x80056) returned 1 [0108.241] GetWindowThreadProcessId (in: hWnd=0x80056, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x177c [0108.241] GetCurrentThreadId () returned 0x177c [0108.241] SetFocus (hWnd=0x80056) returned 0x0 [0108.711] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0108.725] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0108.725] GetFocus () returned 0x80056 [0108.725] GetCaretPos (in: lpPoint=0x19e7d8 | out: lpPoint=0x19e7d8) returned 1 [0108.726] GetFocus () returned 0x80056 [0108.726] GetCaretPos (in: lpPoint=0x19f018 | out: lpPoint=0x19f018) returned 1 [0108.726] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0108.728] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0108.729] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x282, wParam=0xf, lParam=0x501cd) returned 0x0 [0108.731] GetFocus () returned 0x80056 [0108.731] GetCaretPos (in: lpPoint=0x19e318 | out: lpPoint=0x19e318) returned 1 [0108.731] GetFocus () returned 0x80056 [0108.731] GetCaretPos (in: lpPoint=0x19eeb8 | out: lpPoint=0x19eeb8) returned 1 [0108.731] GetCapture () returned 0x0 [0108.731] GetCapture () returned 0x0 [0108.731] IsWindow (hWnd=0x80056) returned 1 [0108.731] OleTranslateColor () returned 0x0 [0108.731] OleTranslateColor () returned 0x0 [0108.731] SetTextColor (hdc=0x380106db, color=0x0) returned 0x0 [0108.731] SetBkColor (hdc=0x380106db, color=0xffffff) returned 0xffffff [0108.731] OleTranslateColor () returned 0x0 [0108.911] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0108.911] GetFocus () returned 0x80056 [0108.911] GetCaretPos (in: lpPoint=0x19ee00 | out: lpPoint=0x19ee00) returned 1 [0108.912] GetCapture () returned 0x0 [0108.912] GetCapture () returned 0x0 [0108.912] IsWindow (hWnd=0x80056) returned 1 [0108.912] IsWindow (hWnd=0x80056) returned 1 [0108.912] IsWindowEnabled (hWnd=0x2036c) returned 1 [0108.912] PostMessageA (hWnd=0x2036c, Msg=0x100e, wParam=0xa, lParam=0x0) returned 1 [0108.913] IsIconic (hWnd=0x2036c) returned 0 [0108.913] PostMessageA (hWnd=0x80056, Msg=0x100e, wParam=0x3, lParam=0x0) returned 1 [0108.913] GetFocus () returned 0x80056 [0108.913] GetCaretPos (in: lpPoint=0x19f4ac | out: lpPoint=0x19f4ac) returned 1 [0108.913] PostMessageA (hWnd=0x2036c, Msg=0x105a, wParam=0x0, lParam=0x0) returned 1 [0108.914] GetCapture () returned 0x0 [0108.914] GetCapture () returned 0x0 [0108.914] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0108.914] GetCapture () returned 0x0 [0108.914] GetCapture () returned 0x0 [0108.914] IsIconic (hWnd=0x2036c) returned 0 [0108.914] IsIconic (hWnd=0x2036c) returned 0 [0108.914] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0108.915] GetFocus () returned 0x80056 [0108.915] GetCaretPos (in: lpPoint=0x19f8d4 | out: lpPoint=0x19f8d4) returned 1 [0108.915] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x380106db, lParam=0x0) returned 0x1 [0108.915] GetFocus () returned 0x80056 [0108.915] GetCaretPos (in: lpPoint=0x19f8d4 | out: lpPoint=0x19f8d4) returned 1 [0108.916] GetCapture () returned 0x0 [0108.916] GetCapture () returned 0x0 [0108.916] GetParent (hWnd=0x2036c) returned 0x0 [0108.916] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f6d0 | out: lpRect=0x19f6d0) returned 1 [0108.916] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fb24) returned 0x0 [0108.916] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0108.916] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f740 | out: lpRect=0x19f740) returned 1 [0108.916] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f740, cPoints=0x2 | out: lpPoints=0x19f740) returned 7209306 [0108.916] GetCapture () returned 0x0 [0108.916] GetCapture () returned 0x0 [0108.916] CPicture::get_Attributes () returned 0x0 [0108.916] IsWindowVisible (hWnd=0x2036c) returned 1 [0108.916] IsIconic (hWnd=0x2036c) returned 0 [0108.916] IsZoomed (hWnd=0x2036c) returned 0 [0108.916] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0108.916] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f71c | out: lpRect=0x19f71c) returned 1 [0108.916] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0108.916] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0108.916] GetParent (hWnd=0x501c4) returned 0x2036c [0108.916] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0108.916] GetParent (hWnd=0x80056) returned 0x2036c [0108.917] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0108.917] GetParent (hWnd=0x9003a) returned 0x2036c [0108.917] GetCapture () returned 0x0 [0108.917] GetCapture () returned 0x0 [0108.917] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x3, wParam=0x0, lParam=0x6e015a) returned 0x0 [0109.025] GetCurrentThreadId () returned 0x177c [0109.025] PostThreadMessageA (idThread=0x177c, Msg=0x1069, wParam=0x0, lParam=0x0) returned 1 [0109.026] GetCurrentProcessId () returned 0x1518 [0109.026] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x18) returned 0x215a160 [0109.026] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xc) returned 0x215b050 [0109.026] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.026] IsWindow (hWnd=0x2036c) returned 1 [0109.026] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0109.026] IsIconic (hWnd=0x2036c) returned 0 [0109.026] GetParent (hWnd=0x2036c) returned 0x0 [0109.026] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.027] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.027] GetCapture () returned 0x0 [0109.027] GetCapture () returned 0x0 [0109.027] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.027] IsWindow (hWnd=0x80056) returned 1 [0109.027] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0109.028] IsIconic (hWnd=0x2036c) returned 0 [0109.028] GetParent (hWnd=0x80056) returned 0x2036c [0109.028] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.028] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.028] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.028] IsWindow (hWnd=0x2036c) returned 1 [0109.028] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0109.028] IsIconic (hWnd=0x2036c) returned 0 [0109.028] GetParent (hWnd=0x2036c) returned 0x0 [0109.028] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.028] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.028] GetCapture () returned 0x0 [0109.028] GetCapture () returned 0x0 [0109.028] GetActiveWindow () returned 0x2036c [0109.028] GetWindowThreadProcessId (in: hWnd=0x2036c, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x177c [0109.028] GetFocus () returned 0x80056 [0109.029] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.029] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.029] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.029] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.029] GetCapture () returned 0x0 [0109.029] GetCapture () returned 0x0 [0109.029] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2dd03a4) returned 0x1 [0109.030] GetCapture () returned 0x0 [0109.030] GetCapture () returned 0x0 [0109.030] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0109.030] IsWindow (hWnd=0x2036c) returned 1 [0109.030] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0109.030] IsIconic (hWnd=0x2036c) returned 0 [0109.030] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=932, y=733)) returned 1 [0109.030] WindowFromPoint (Point=0x3a4) returned 0x2036c [0109.031] GetCapture () returned 0x0 [0109.031] GetCapture () returned 0x0 [0109.031] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2dd03a4) returned 0x1 [0109.031] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0109.031] IsWindowEnabled (hWnd=0x2036c) returned 1 [0109.031] GetParent (hWnd=0x2036c) returned 0x0 [0109.031] PtInRect (lprc=0x19fd28, pt=0x24a) returned 0 [0109.031] GetParent (hWnd=0x2036c) returned 0x0 [0109.031] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.031] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.031] GetCapture () returned 0x0 [0109.031] GetCapture () returned 0x0 [0109.031] IsWindowEnabled (hWnd=0x2036c) returned 1 [0109.031] GetParent (hWnd=0x2036c) returned 0x0 [0109.031] PtInRect (lprc=0x19fbe4, pt=0x24a) returned 0 [0109.031] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x26f024a) returned 0x0 [0109.031] CreateWindowExA (dwExStyle=0x80, lpClassName="VBBubbleRT6", lpWindowName=0x0, dwStyle=0x80800000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7a0000, lpParam=0x0) returned 0x70322 [0109.032] NtdllDefWindowProc_A (hWnd=0x70322, Msg=0x81, wParam=0x0, lParam=0x19f3d8) returned 0x1 [0109.033] NtdllDefWindowProc_A (hWnd=0x70322, Msg=0x83, wParam=0x0, lParam=0x19f3c4) returned 0x0 [0109.033] NtdllDefWindowProc_A (hWnd=0x70322, Msg=0x1, wParam=0x0, lParam=0x19f3d8) returned 0x0 [0109.034] NtdllDefWindowProc_A (hWnd=0x70322, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0109.034] NtdllDefWindowProc_A (hWnd=0x70322, Msg=0x3, wParam=0x0, lParam=0x10001) returned 0x0 [0109.034] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x154, pvParam=0x19f85c, fWinIni=0x0 | out: pvParam=0x19f85c) returned 1 [0109.035] CreateFontIndirectA (lplf=0x19f938) returned 0x530a06d9 [0109.035] GetCapture () returned 0x0 [0109.035] GetActiveWindow () returned 0x2036c [0109.035] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0109.035] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=932, y=733)) returned 1 [0109.035] WindowFromPoint (Point=0x3a7) returned 0x2036c [0109.035] GetCapture () returned 0x0 [0109.035] GetCapture () returned 0x0 [0109.035] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2df03a7) returned 0x1 [0109.035] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0109.036] GetKeyState (nVirtKey=2) returned 0 [0109.036] GetKeyState (nVirtKey=4) returned 0 [0109.036] GetKeyState (nVirtKey=1) returned 0 [0109.036] GetKeyState (nVirtKey=17) returned 0 [0109.036] GetKeyState (nVirtKey=18) returned 0 [0109.036] GetKeyState (nVirtKey=16) returned 0 [0109.036] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.036] IsWindow (hWnd=0x2036c) returned 1 [0109.036] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0109.036] IsIconic (hWnd=0x2036c) returned 0 [0109.036] GetParent (hWnd=0x2036c) returned 0x0 [0109.036] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.036] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0109.036] GetCapture () returned 0x0 [0109.036] GetCapture () returned 0x0 [0109.036] IsIconic (hWnd=0x2036c) returned 0 [0109.037] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0109.037] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0109.037] IsIconic (hWnd=0x2036c) returned 0 [0109.037] IsIconic (hWnd=0x2036c) returned 0 [0109.037] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0109.037] OleTranslateColor () returned 0x0 [0109.037] OleTranslateColor () returned 0x0 [0109.037] OleTranslateColor () returned 0x0 [0109.037] OleTranslateColor () returned 0x0 [0109.037] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0109.037] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0109.037] CPicture::get_Type () returned 0x0 [0109.037] CPicture::get_Type () returned 0x0 [0109.037] CPicture::get_Width () returned 0x0 [0109.037] CPicture::get_Height () returned 0x0 [0109.037] CPicture::get_Attributes () returned 0x0 [0109.037] CPicture::Render () returned 0x0 [0109.176] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0109.176] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0109.176] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0109.176] SaveDC (hdc=0x75010900) returned 1 [0109.176] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0109.176] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0109.176] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0109.176] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0109.176] OleTranslateColor () returned 0x0 [0109.177] OleTranslateColor () returned 0x0 [0109.177] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0109.177] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0109.177] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0109.177] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0109.177] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0109.177] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0109.177] SaveDC (hdc=0x75010900) returned 2 [0109.177] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0109.177] lstrlenA (lpString="Unicorn") returned 7 [0109.177] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0109.178] GetTextExtentPointA (in: hdc=0x75010900, lpString="Unicorn", c=7, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0109.179] TextOutA (hdc=0x75010900, x=72, y=296, lpString="Unicorn", c=7) returned 1 [0109.179] GetTextExtentPointA (in: hdc=0x75010900, lpString="Unicorn", c=7, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0109.179] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0109.181] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0109.181] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0109.181] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0109.181] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0109.181] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0109.181] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.182] IsWindow (hWnd=0x80056) returned 1 [0109.182] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0109.182] IsIconic (hWnd=0x2036c) returned 0 [0109.182] GetParent (hWnd=0x80056) returned 0x2036c [0109.182] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.182] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0109.182] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0109.182] GetCapture () returned 0x0 [0109.182] GetCapture () returned 0x0 [0109.182] IsWindow (hWnd=0x80056) returned 1 [0109.182] OleTranslateColor () returned 0x0 [0109.182] OleTranslateColor () returned 0x0 [0109.182] SetTextColor (hdc=0x380106db, color=0x0) returned 0x0 [0109.182] SetBkColor (hdc=0x380106db, color=0xffffff) returned 0xffffff [0109.183] OleTranslateColor () returned 0x0 [0109.183] GetCapture () returned 0x0 [0109.183] GetCapture () returned 0x0 [0109.183] IsWindow (hWnd=0x80056) returned 1 [0109.183] OleTranslateColor () returned 0x0 [0109.183] OleTranslateColor () returned 0x0 [0109.183] SetTextColor (hdc=0x380106db, color=0x0) returned 0x0 [0109.183] SetBkColor (hdc=0x380106db, color=0xffffff) returned 0xffffff [0109.183] OleTranslateColor () returned 0x0 [0109.184] GetFocus () returned 0x80056 [0109.184] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0109.184] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.185] IsWindow (hWnd=0x7005a) returned 1 [0109.185] GetWindowLongA (hWnd=0x7005a, nIndex=-16) returned -1946157056 [0109.185] GetParent (hWnd=0x7005a) returned 0xa0374 [0109.185] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.185] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.185] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0109.185] GetTickCount () returned 0x1cc3af8 [0109.185] GetTickCount () returned 0x1cc3af8 [0109.185] GetTickCount () returned 0x1cc3af8 [0109.185] CoFreeUnusedLibraries () [0109.185] GetTickCount () returned 0x1cc3af8 [0109.185] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0109.185] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0109.185] WaitMessage () returned 1 [0109.715] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0109.715] IsWindow (hWnd=0x80056) returned 1 [0109.715] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0109.716] IsIconic (hWnd=0x2036c) returned 0 [0109.716] GetParent (hWnd=0x80056) returned 0x2036c [0109.716] TranslateMessage (lpMsg=0x19fe40) returned 0 [0109.716] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0109.717] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0109.717] GetTickCount () returned 0x1cc3d0b [0109.717] GetTickCount () returned 0x1cc3d0b [0109.718] GetTickCount () returned 0x1cc3d0b [0109.718] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0109.718] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0109.718] WaitMessage () returned 1 [0110.246] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.246] IsWindow (hWnd=0x80056) returned 1 [0110.246] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0110.246] IsIconic (hWnd=0x2036c) returned 0 [0110.246] GetParent (hWnd=0x80056) returned 0x2036c [0110.246] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.246] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.247] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0110.247] GetTickCount () returned 0x1cc3f1e [0110.247] GetTickCount () returned 0x1cc3f1e [0110.247] GetTickCount () returned 0x1cc3f1e [0110.247] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0110.247] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0110.247] WaitMessage () returned 1 [0110.778] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.779] IsWindow (hWnd=0x80056) returned 1 [0110.779] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0110.779] IsIconic (hWnd=0x2036c) returned 0 [0110.779] GetParent (hWnd=0x80056) returned 0x2036c [0110.779] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.779] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.780] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0110.780] GetTickCount () returned 0x1cc4132 [0110.780] GetTickCount () returned 0x1cc4132 [0110.780] GetTickCount () returned 0x1cc4132 [0110.780] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0110.780] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0110.780] WaitMessage () returned 1 [0110.884] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.885] GetCapture () returned 0x0 [0110.885] GetCapture () returned 0x0 [0110.885] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2a003df) returned 0x1 [0110.886] GetCapture () returned 0x0 [0110.886] GetCapture () returned 0x0 [0110.886] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0110.887] IsWindow (hWnd=0x2036c) returned 1 [0110.887] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0110.887] IsIconic (hWnd=0x2036c) returned 0 [0110.887] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=991, y=672)) returned 1 [0110.887] WindowFromPoint (Point=0x3df) returned 0x2036c [0110.888] GetCapture () returned 0x0 [0110.888] GetCapture () returned 0x0 [0110.888] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2a003df) returned 0x1 [0110.888] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0110.888] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.888] GetParent (hWnd=0x2036c) returned 0x0 [0110.888] PtInRect (lprc=0x19fd28, pt=0x285) returned 0 [0110.888] GetParent (hWnd=0x2036c) returned 0x0 [0110.889] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.889] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.889] GetCapture () returned 0x0 [0110.889] GetCapture () returned 0x0 [0110.889] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.889] GetParent (hWnd=0x2036c) returned 0x0 [0110.889] PtInRect (lprc=0x19fbe4, pt=0x285) returned 0 [0110.889] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x2320285) returned 0x0 [0110.889] GetCapture () returned 0x0 [0110.889] GetActiveWindow () returned 0x2036c [0110.890] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0110.890] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=991, y=672)) returned 1 [0110.890] WindowFromPoint (Point=0x3e0) returned 0x2036c [0110.890] GetCapture () returned 0x0 [0110.890] GetCapture () returned 0x0 [0110.890] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x29f03e0) returned 0x1 [0110.891] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0110.891] GetKeyState (nVirtKey=2) returned 0 [0110.891] GetKeyState (nVirtKey=4) returned 0 [0110.891] GetKeyState (nVirtKey=1) returned 0 [0110.891] GetKeyState (nVirtKey=17) returned 0 [0110.891] GetKeyState (nVirtKey=18) returned 0 [0110.891] GetKeyState (nVirtKey=16) returned 0 [0110.892] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0110.892] GetTickCount () returned 0x1cc419f [0110.892] GetTickCount () returned 0x1cc419f [0110.892] GetTickCount () returned 0x1cc419f [0110.892] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0110.892] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0110.892] WaitMessage () returned 1 [0110.907] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.908] GetCapture () returned 0x0 [0110.908] GetCapture () returned 0x0 [0110.908] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x29603e9) returned 0x1 [0110.908] GetCapture () returned 0x0 [0110.908] GetCapture () returned 0x0 [0110.908] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0110.909] IsWindow (hWnd=0x2036c) returned 1 [0110.909] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0110.909] IsIconic (hWnd=0x2036c) returned 0 [0110.909] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1001, y=662)) returned 1 [0110.909] WindowFromPoint (Point=0x3e9) returned 0x2036c [0110.909] GetCapture () returned 0x0 [0110.909] GetCapture () returned 0x0 [0110.909] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x29603e9) returned 0x1 [0110.909] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0110.909] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.909] GetParent (hWnd=0x2036c) returned 0x0 [0110.909] PtInRect (lprc=0x19fd28, pt=0x28f) returned 0 [0110.909] GetParent (hWnd=0x2036c) returned 0x0 [0110.910] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.910] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.910] GetCapture () returned 0x0 [0110.910] GetCapture () returned 0x0 [0110.910] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.910] GetParent (hWnd=0x2036c) returned 0x0 [0110.910] PtInRect (lprc=0x19fbe4, pt=0x28f) returned 0 [0110.910] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x228028f) returned 0x0 [0110.910] GetCapture () returned 0x0 [0110.910] GetActiveWindow () returned 0x2036c [0110.910] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0110.910] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1001, y=662)) returned 1 [0110.910] WindowFromPoint (Point=0x3e9) returned 0x2036c [0110.910] GetCapture () returned 0x0 [0110.910] GetCapture () returned 0x0 [0110.910] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x29603e9) returned 0x1 [0110.911] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0110.911] GetKeyState (nVirtKey=2) returned 0 [0110.911] GetKeyState (nVirtKey=4) returned 0 [0110.911] GetKeyState (nVirtKey=1) returned 0 [0110.911] GetKeyState (nVirtKey=17) returned 0 [0110.911] GetKeyState (nVirtKey=18) returned 0 [0110.911] GetKeyState (nVirtKey=16) returned 0 [0110.914] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.914] GetCapture () returned 0x0 [0110.914] GetCapture () returned 0x0 [0110.914] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x28c03f3) returned 0x1 [0110.914] GetCapture () returned 0x0 [0110.914] GetCapture () returned 0x0 [0110.914] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0110.915] IsWindow (hWnd=0x2036c) returned 1 [0110.915] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0110.915] IsIconic (hWnd=0x2036c) returned 0 [0110.915] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1011, y=652)) returned 1 [0110.915] WindowFromPoint (Point=0x3f3) returned 0x2036c [0110.915] GetCapture () returned 0x0 [0110.915] GetCapture () returned 0x0 [0110.915] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x28c03f3) returned 0x1 [0110.916] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0110.916] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.916] GetParent (hWnd=0x2036c) returned 0x0 [0110.916] PtInRect (lprc=0x19fd28, pt=0x299) returned 0 [0110.916] GetParent (hWnd=0x2036c) returned 0x0 [0110.916] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.916] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.916] GetCapture () returned 0x0 [0110.916] GetCapture () returned 0x0 [0110.916] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.916] GetParent (hWnd=0x2036c) returned 0x0 [0110.916] PtInRect (lprc=0x19fbe4, pt=0x299) returned 0 [0110.916] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x21e0299) returned 0x0 [0110.916] GetCapture () returned 0x0 [0110.916] GetActiveWindow () returned 0x2036c [0110.916] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0110.916] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1011, y=652)) returned 1 [0110.916] WindowFromPoint (Point=0x3f5) returned 0x2036c [0110.917] GetCapture () returned 0x0 [0110.917] GetCapture () returned 0x0 [0110.917] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x28d03f5) returned 0x1 [0110.917] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0110.917] GetKeyState (nVirtKey=2) returned 0 [0110.917] GetKeyState (nVirtKey=4) returned 0 [0110.917] GetKeyState (nVirtKey=1) returned 0 [0110.917] GetKeyState (nVirtKey=17) returned 0 [0110.917] GetKeyState (nVirtKey=18) returned 0 [0110.917] GetKeyState (nVirtKey=16) returned 0 [0110.917] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0110.917] GetTickCount () returned 0x1cc41be [0110.917] GetTickCount () returned 0x1cc41be [0110.917] GetTickCount () returned 0x1cc41be [0110.917] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0110.917] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0110.918] WaitMessage () returned 1 [0110.986] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.986] GetCapture () returned 0x0 [0110.986] GetCapture () returned 0x0 [0110.986] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x264041b) returned 0x1 [0110.990] GetCapture () returned 0x0 [0110.990] GetCapture () returned 0x0 [0110.990] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0110.990] IsWindow (hWnd=0x2036c) returned 1 [0110.990] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0110.991] IsIconic (hWnd=0x2036c) returned 0 [0110.991] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1061, y=602)) returned 1 [0110.991] WindowFromPoint (Point=0x425) returned 0x2036c [0110.991] GetCapture () returned 0x0 [0110.991] GetCapture () returned 0x0 [0110.991] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x25a0425) returned 0x1 [0110.991] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0110.991] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.991] GetParent (hWnd=0x2036c) returned 0x0 [0110.991] PtInRect (lprc=0x19fd28, pt=0x2cb) returned 0 [0110.991] GetParent (hWnd=0x2036c) returned 0x0 [0110.991] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.991] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.991] GetCapture () returned 0x0 [0110.992] GetCapture () returned 0x0 [0110.992] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.992] GetParent (hWnd=0x2036c) returned 0x0 [0110.992] PtInRect (lprc=0x19fbe4, pt=0x2c1) returned 0 [0110.992] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x1f602c1) returned 0x0 [0110.992] GetCapture () returned 0x0 [0110.992] GetActiveWindow () returned 0x2036c [0110.992] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0110.992] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1061, y=602)) returned 1 [0110.992] WindowFromPoint (Point=0x425) returned 0x2036c [0110.992] GetCapture () returned 0x0 [0110.992] GetCapture () returned 0x0 [0110.992] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x25a0425) returned 0x1 [0110.992] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0110.992] GetKeyState (nVirtKey=2) returned 0 [0110.992] GetKeyState (nVirtKey=4) returned 0 [0110.992] GetKeyState (nVirtKey=1) returned 0 [0110.993] GetKeyState (nVirtKey=17) returned 0 [0110.993] GetKeyState (nVirtKey=18) returned 0 [0110.993] GetKeyState (nVirtKey=16) returned 0 [0110.993] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0110.993] GetCapture () returned 0x0 [0110.993] GetCapture () returned 0x0 [0110.993] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x25a0425) returned 0x1 [0110.993] GetCapture () returned 0x0 [0110.993] GetCapture () returned 0x0 [0110.993] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0110.994] IsWindow (hWnd=0x2036c) returned 1 [0110.994] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0110.994] IsIconic (hWnd=0x2036c) returned 0 [0110.994] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1061, y=602)) returned 1 [0110.994] WindowFromPoint (Point=0x425) returned 0x2036c [0110.994] GetCapture () returned 0x0 [0110.994] GetCapture () returned 0x0 [0110.994] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x25a0425) returned 0x1 [0110.994] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0110.994] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.994] GetParent (hWnd=0x2036c) returned 0x0 [0110.994] PtInRect (lprc=0x19fd28, pt=0x2cb) returned 0 [0110.994] GetParent (hWnd=0x2036c) returned 0x0 [0110.994] TranslateMessage (lpMsg=0x19fe40) returned 0 [0110.994] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0110.995] GetCapture () returned 0x0 [0110.995] GetCapture () returned 0x0 [0110.995] IsWindowEnabled (hWnd=0x2036c) returned 1 [0110.995] GetParent (hWnd=0x2036c) returned 0x0 [0110.995] PtInRect (lprc=0x19fbe4, pt=0x2cb) returned 0 [0110.995] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x1ec02cb) returned 0x0 [0110.995] GetCapture () returned 0x0 [0110.995] GetActiveWindow () returned 0x2036c [0110.995] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0110.995] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1061, y=602)) returned 1 [0110.995] WindowFromPoint (Point=0x428) returned 0x2036c [0110.995] GetCapture () returned 0x0 [0110.995] GetCapture () returned 0x0 [0110.995] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2580428) returned 0x1 [0110.995] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0110.996] GetKeyState (nVirtKey=2) returned 0 [0110.996] GetKeyState (nVirtKey=4) returned 0 [0110.996] GetKeyState (nVirtKey=1) returned 0 [0110.996] GetKeyState (nVirtKey=17) returned 0 [0110.996] GetKeyState (nVirtKey=18) returned 0 [0110.996] GetKeyState (nVirtKey=16) returned 0 [0110.996] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0110.998] GetTickCount () returned 0x1cc420c [0110.998] GetTickCount () returned 0x1cc420c [0110.999] GetTickCount () returned 0x1cc420c [0110.999] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 1 [0110.999] GetCapture () returned 0x0 [0110.999] GetCapture () returned 0x0 [0110.999] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x250042f) returned 0x1 [0110.999] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 1 [0110.999] GetCapture () returned 0x0 [0110.999] GetCapture () returned 0x0 [0110.999] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x250042f) returned 0x1 [0110.999] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0111.000] GetCapture () returned 0x0 [0111.000] GetCapture () returned 0x0 [0111.000] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x250042f) returned 0x1 [0111.000] GetCapture () returned 0x0 [0111.000] GetCapture () returned 0x0 [0111.000] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0111.000] IsWindow (hWnd=0x2036c) returned 1 [0111.000] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0111.000] IsIconic (hWnd=0x2036c) returned 0 [0111.000] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1071, y=592)) returned 1 [0111.000] WindowFromPoint (Point=0x42f) returned 0x2036c [0111.001] GetCapture () returned 0x0 [0111.001] GetCapture () returned 0x0 [0111.001] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x250042f) returned 0x1 [0111.002] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0111.002] IsWindowEnabled (hWnd=0x2036c) returned 1 [0111.002] GetParent (hWnd=0x2036c) returned 0x0 [0111.002] PtInRect (lprc=0x19fd28, pt=0x2d5) returned 0 [0111.002] GetParent (hWnd=0x2036c) returned 0x0 [0111.002] TranslateMessage (lpMsg=0x19fe40) returned 0 [0111.002] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0111.002] GetCapture () returned 0x0 [0111.002] GetCapture () returned 0x0 [0111.003] IsWindowEnabled (hWnd=0x2036c) returned 1 [0111.003] GetParent (hWnd=0x2036c) returned 0x0 [0111.003] PtInRect (lprc=0x19fbe4, pt=0x2d5) returned 0 [0111.003] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x1e202d5) returned 0x0 [0111.003] GetCapture () returned 0x0 [0111.003] GetActiveWindow () returned 0x2036c [0111.003] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0111.003] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1071, y=592)) returned 1 [0111.003] WindowFromPoint (Point=0x430) returned 0x2036c [0111.003] GetCapture () returned 0x0 [0111.003] GetCapture () returned 0x0 [0111.003] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x24f0430) returned 0x1 [0111.003] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0111.003] GetKeyState (nVirtKey=2) returned 0 [0111.004] GetKeyState (nVirtKey=4) returned 0 [0111.004] GetKeyState (nVirtKey=1) returned 0 [0111.004] GetKeyState (nVirtKey=17) returned 0 [0111.004] GetKeyState (nVirtKey=18) returned 0 [0111.004] GetKeyState (nVirtKey=16) returned 0 [0111.004] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0111.004] GetTickCount () returned 0x1cc420c [0111.004] GetTickCount () returned 0x1cc420c [0111.004] GetTickCount () returned 0x1cc420c [0111.004] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0111.004] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0111.004] WaitMessage () returned 1 [0111.023] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0111.023] GetCapture () returned 0x0 [0111.023] GetCapture () returned 0x0 [0111.023] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2460439) returned 0x1 [0111.023] GetCapture () returned 0x0 [0111.024] GetCapture () returned 0x0 [0111.024] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0111.024] IsWindow (hWnd=0x2036c) returned 1 [0111.024] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0111.024] IsIconic (hWnd=0x2036c) returned 0 [0111.024] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1081, y=582)) returned 1 [0111.024] WindowFromPoint (Point=0x439) returned 0x2036c [0111.024] GetCapture () returned 0x0 [0111.024] GetCapture () returned 0x0 [0111.024] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2460439) returned 0x1 [0111.024] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0111.024] IsWindowEnabled (hWnd=0x2036c) returned 1 [0111.024] GetParent (hWnd=0x2036c) returned 0x0 [0111.024] PtInRect (lprc=0x19fd28, pt=0x2df) returned 0 [0111.024] GetParent (hWnd=0x2036c) returned 0x0 [0111.024] TranslateMessage (lpMsg=0x19fe40) returned 0 [0111.025] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0111.025] GetCapture () returned 0x0 [0111.025] GetCapture () returned 0x0 [0111.025] IsWindowEnabled (hWnd=0x2036c) returned 1 [0111.025] GetParent (hWnd=0x2036c) returned 0x0 [0111.025] PtInRect (lprc=0x19fbe4, pt=0x2df) returned 0 [0111.025] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x1d802df) returned 0x0 [0111.025] GetCapture () returned 0x0 [0111.025] GetActiveWindow () returned 0x2036c [0111.025] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0111.025] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1081, y=582)) returned 1 [0111.025] WindowFromPoint (Point=0x439) returned 0x2036c [0111.025] GetCapture () returned 0x0 [0111.025] GetCapture () returned 0x0 [0111.025] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x2460439) returned 0x1 [0111.025] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0111.025] GetKeyState (nVirtKey=2) returned 0 [0111.025] GetKeyState (nVirtKey=4) returned 0 [0111.025] GetKeyState (nVirtKey=1) returned 0 [0111.025] GetKeyState (nVirtKey=17) returned 0 [0111.025] GetKeyState (nVirtKey=18) returned 0 [0111.025] GetKeyState (nVirtKey=16) returned 0 [0111.025] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0111.026] GetTickCount () returned 0x1cc422c [0111.026] GetTickCount () returned 0x1cc422c [0111.026] GetTickCount () returned 0x1cc422c [0111.026] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0111.026] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0111.026] WaitMessage () returned 1 [0111.039] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0111.039] GetCapture () returned 0x0 [0111.039] GetCapture () returned 0x0 [0111.039] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x23c0443) returned 0x1 [0111.039] GetCapture () returned 0x0 [0111.039] GetCapture () returned 0x0 [0111.039] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x20, wParam=0x2036c, lParam=0x2000001) returned 0x0 [0111.040] IsWindow (hWnd=0x2036c) returned 1 [0111.040] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0111.040] IsIconic (hWnd=0x2036c) returned 0 [0111.040] GetCursorPos (in: lpPoint=0x19fdb4 | out: lpPoint=0x19fdb4*(x=1091, y=572)) returned 1 [0111.040] WindowFromPoint (Point=0x443) returned 0x2036c [0111.040] GetCapture () returned 0x0 [0111.040] GetCapture () returned 0x0 [0111.040] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x84, wParam=0x0, lParam=0x23c0443) returned 0x1 [0111.040] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19fd94 | out: lpPoint=0x19fd94) returned 1 [0111.040] IsWindowEnabled (hWnd=0x2036c) returned 1 [0111.040] GetParent (hWnd=0x2036c) returned 0x0 [0111.040] PtInRect (lprc=0x19fd28, pt=0x2e9) returned 0 [0111.040] GetParent (hWnd=0x2036c) returned 0x0 [0111.040] TranslateMessage (lpMsg=0x19fe40) returned 0 [0111.040] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0111.041] GetCapture () returned 0x0 [0111.041] GetCapture () returned 0x0 [0111.041] IsWindowEnabled (hWnd=0x2036c) returned 1 [0111.041] GetParent (hWnd=0x2036c) returned 0x0 [0111.041] PtInRect (lprc=0x19fbe4, pt=0x2e9) returned 0 [0111.041] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x200, wParam=0x0, lParam=0x1ce02e9) returned 0x0 [0111.041] GetCapture () returned 0x0 [0111.041] GetActiveWindow () returned 0x2036c [0111.041] GetWindowLongA (hWnd=0x2036c, nIndex=-6) returned 7995392 [0111.041] GetCursorPos (in: lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8*(x=1091, y=572)) returned 1 [0111.041] WindowFromPoint (Point=0x446) returned 0x10102 [0111.042] ScreenToClient (in: hWnd=0x2036c, lpPoint=0x19f9c8 | out: lpPoint=0x19f9c8) returned 1 [0111.042] GetKeyState (nVirtKey=2) returned 0 [0111.042] GetKeyState (nVirtKey=4) returned 0 [0111.042] GetKeyState (nVirtKey=1) returned 0 [0111.042] GetKeyState (nVirtKey=17) returned 0 [0111.042] GetKeyState (nVirtKey=18) returned 0 [0111.042] GetKeyState (nVirtKey=16) returned 0 [0111.042] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0111.042] GetTickCount () returned 0x1cc423b [0111.042] GetTickCount () returned 0x1cc423b [0111.042] GetTickCount () returned 0x1cc423b [0111.042] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0111.042] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0111.042] WaitMessage () returned 1 [0111.226] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0111.227] IsWindow (hWnd=0x9003a) returned 1 [0111.227] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0111.227] IsIconic (hWnd=0x2036c) returned 0 [0111.227] GetParent (hWnd=0x9003a) returned 0x2036c [0111.227] TranslateMessage (lpMsg=0x19fe40) returned 0 [0111.227] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0111.228] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0111.231] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x4, wMilliseconds=0x34c)) [0111.233] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0xfc) returned 0x28f3a60 [0111.233] GetCurrentThreadId () returned 0x177c [0111.233] GetCurrentThreadId () returned 0x177c [0111.233] GetCurrentThreadId () returned 0x177c [0111.233] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b068 [0111.234] SetWindowTextA (hWnd=0x3037a, lpString="Kawaii-Unicorn") returned 1 [0111.234] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0xc, wParam=0x0, lParam=0x215b068) returned 0x1 [0111.236] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1) returned 0x28f3b68 [0111.236] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b170 [0111.236] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b1e8 [0111.236] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x8, Size=0x15) returned 0x215a140 [0111.236] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0111.236] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0111.237] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0111.237] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0111.237] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0111.237] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0111.239] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3be8 [0111.239] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0111.244] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0111.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0111.245] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0111.245] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0111.245] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0111.251] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0111.257] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 0x2c [0111.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=45, lpMultiByteStr=0x5dd8a4, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0111.257] lstrcmpA (lpString1="Unicorn", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 1 [0111.257] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0111.258] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0111.258] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0111.258] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0111.258] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0111.261] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0111.261] GetFocus () returned 0x80056 [0111.261] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0111.262] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0111.262] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0111.262] GetFocus () returned 0x80056 [0111.262] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0111.262] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0111.262] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=2 | out: lpWideCharStr="0") returned 2 [0111.262] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0111.262] GetUserDefaultLCID () returned 0x409 [0111.263] VarR8FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0111.263] GetUserDefaultLCID () returned 0x409 [0111.263] VarBstrFromR8 (in: dblIn=0x0, lcid=0x3ff00000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0111.263] SysStringLen (param_1="1") returned 0x1 [0111.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=2, lpMultiByteStr=0x5d9444, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1", lpUsedDefaultChar=0x0) returned 2 [0111.263] SetWindowTextA (hWnd=0x80056, lpString="1") returned 1 [0111.263] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0111.263] GetFocus () returned 0x80056 [0111.263] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0111.264] lstrlenA (lpString="1") returned 1 [0111.264] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0111.264] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="0") returned 1 [0111.264] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0111.264] GetFocus () returned 0x80056 [0111.264] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0111.264] lstrcmpA (lpString1="0", lpString2="1") returned -1 [0111.264] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0111.264] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5d9444) returned 0x1 [0111.265] GetCapture () returned 0x0 [0111.265] GetCapture () returned 0x0 [0111.265] IsWindow (hWnd=0x80056) returned 1 [0111.265] IsWindow (hWnd=0x80056) returned 1 [0111.265] GetCapture () returned 0x0 [0111.265] GetCapture () returned 0x0 [0111.265] IsWindow (hWnd=0x80056) returned 1 [0111.266] IsWindow (hWnd=0x80056) returned 1 [0111.266] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x4, wMilliseconds=0x36b)) [0111.266] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0111.266] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0111.266] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0111.266] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0111.266] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0111.266] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0111.268] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0111.268] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0111.268] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0111.268] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0111.268] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0111.268] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0111.268] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0111.269] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0111.269] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0111.269] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0111.269] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0111.269] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0111.272] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b0c8 [0111.273] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0111.273] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0111.273] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0111.273] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5b8d2c, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0111.273] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b0c8 | out: hHeap=0x2150000) returned 1 [0111.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0111.273] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0111.274] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0111.276] GetLastError () returned 0x20 [0111.276] GetLastError () returned 0x20 [0111.276] SetLastError (dwErrCode=0x20) [0111.277] GetLastError () returned 0x20 [0111.277] SetLastError (dwErrCode=0x20) [0111.277] GetLastError () returned 0x20 [0111.277] SetLastError (dwErrCode=0x20) [0111.277] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0111.277] GetLastError () returned 0x20 [0111.277] GetLastError () returned 0x20 [0111.277] SetLastError (dwErrCode=0x20) [0111.277] GetLastError () returned 0x20 [0111.277] SetLastError (dwErrCode=0x20) [0111.278] GetLastError () returned 0x20 [0111.278] SetLastError (dwErrCode=0x20) [0111.278] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0111.278] GetFileType (hFile=0x254) returned 0x1 [0111.278] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0111.278] IMalloc:Realloc (This=0x7627fec4, pv=0x0, cb=0x60) returned 0x5dd980 [0111.279] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0111.279] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0111.279] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0111.279] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0111.299] ReadFile (in: hFile=0x254, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0111.309] CloseHandle (hObject=0x254) returned 1 [0111.309] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0111.311] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0111.312] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0111.312] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0111.312] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0111.312] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0111.312] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 45 [0111.312] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0111.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0111.312] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0111.313] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0111.314] GetFileType (hFile=0x254) returned 0x1 [0111.314] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0111.315] WriteFile (in: hFile=0x254, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0111.332] CloseHandle (hObject=0x254) returned 1 [0111.434] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0111.434] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0111.434] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0111.434] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0111.434] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0111.434] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 45 [0111.434] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0111.435] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x17f8, dwThreadId=0x17e4)) returned 1 [0111.850] GetLastError () returned 0x715 [0111.851] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x0 [0114.826] CloseHandle (hObject=0x254) returned 1 [0114.826] CloseHandle (hObject=0x258) returned 1 [0114.826] SafeArrayDestroyDescriptor (psa=0x5d3a78) returned 0x0 [0114.827] GetFocus () returned 0x80056 [0114.827] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0114.827] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0114.827] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.827] IsWindow (hWnd=0x2036c) returned 1 [0114.828] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0114.828] IsIconic (hWnd=0x2036c) returned 0 [0114.828] GetParent (hWnd=0x2036c) returned 0x0 [0114.828] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.828] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0114.828] GetCapture () returned 0x0 [0114.828] GetCapture () returned 0x0 [0114.828] IsIconic (hWnd=0x2036c) returned 0 [0114.828] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0114.828] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0114.828] GetCapture () returned 0x0 [0114.828] GetCapture () returned 0x0 [0114.829] IsIconic (hWnd=0x2036c) returned 0 [0114.829] IsIconic (hWnd=0x2036c) returned 0 [0114.829] IsIconic (hWnd=0x2036c) returned 0 [0114.829] IsIconic (hWnd=0x2036c) returned 0 [0114.829] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0114.829] OleTranslateColor () returned 0x0 [0114.829] OleTranslateColor () returned 0x0 [0114.829] OleTranslateColor () returned 0x0 [0114.829] OleTranslateColor () returned 0x0 [0114.829] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0114.829] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0114.829] CPicture::get_Type () returned 0x0 [0114.829] CPicture::get_Type () returned 0x0 [0114.829] CPicture::get_Width () returned 0x0 [0114.830] CPicture::get_Height () returned 0x0 [0114.830] CPicture::get_Attributes () returned 0x0 [0114.830] CPicture::Render () returned 0x0 [0114.831] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0114.831] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0114.831] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 2 [0114.831] SaveDC (hdc=0x75010900) returned 1 [0114.831] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0114.831] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0114.831] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0114.831] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0114.832] OleTranslateColor () returned 0x0 [0114.832] OleTranslateColor () returned 0x0 [0114.832] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0114.832] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0114.832] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0114.832] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0114.832] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0114.832] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0114.832] SaveDC (hdc=0x75010900) returned 2 [0114.832] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0114.832] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0114.832] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0114.874] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0114.875] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", c=44) returned 1 [0114.875] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0114.875] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0114.902] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0114.902] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0114.902] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0114.902] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0114.902] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0114.903] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.904] IsWindow (hWnd=0x80056) returned 1 [0114.904] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0114.904] IsIconic (hWnd=0x2036c) returned 0 [0114.904] GetParent (hWnd=0x80056) returned 0x2036c [0114.904] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.904] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0114.904] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0114.905] GetCapture () returned 0x0 [0114.905] GetCapture () returned 0x0 [0114.905] IsWindow (hWnd=0x80056) returned 1 [0114.905] OleTranslateColor () returned 0x0 [0114.905] OleTranslateColor () returned 0x0 [0114.905] SetTextColor (hdc=0x3b010920, color=0x0) returned 0x0 [0114.905] SetBkColor (hdc=0x3b010920, color=0xffffff) returned 0xffffff [0114.905] OleTranslateColor () returned 0x0 [0114.906] GetCapture () returned 0x0 [0114.906] GetCapture () returned 0x0 [0114.906] IsWindow (hWnd=0x80056) returned 1 [0114.906] OleTranslateColor () returned 0x0 [0114.906] OleTranslateColor () returned 0x0 [0114.906] SetTextColor (hdc=0x3b010920, color=0x0) returned 0x0 [0114.906] SetBkColor (hdc=0x3b010920, color=0xffffff) returned 0xffffff [0114.906] OleTranslateColor () returned 0x0 [0114.908] GetFocus () returned 0x80056 [0114.908] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0114.908] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0114.908] GetTickCount () returned 0x1cc514f [0114.908] GetTickCount () returned 0x1cc514f [0114.908] GetTickCount () returned 0x1cc514f [0114.908] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0114.908] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0114.908] WaitMessage () returned 1 [0115.427] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0115.428] IsWindow (hWnd=0x80056) returned 1 [0115.428] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0115.428] IsIconic (hWnd=0x2036c) returned 0 [0115.428] GetParent (hWnd=0x80056) returned 0x2036c [0115.428] TranslateMessage (lpMsg=0x19fe40) returned 0 [0115.428] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0115.429] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0115.429] GetTickCount () returned 0x1cc5362 [0115.429] GetTickCount () returned 0x1cc5362 [0115.429] GetTickCount () returned 0x1cc5362 [0115.429] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0115.429] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0115.429] WaitMessage () returned 1 [0115.970] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0115.971] IsWindow (hWnd=0x80056) returned 1 [0115.971] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0115.971] IsIconic (hWnd=0x2036c) returned 0 [0115.971] GetParent (hWnd=0x80056) returned 0x2036c [0115.971] TranslateMessage (lpMsg=0x19fe40) returned 0 [0115.971] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0115.972] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0115.972] GetTickCount () returned 0x1cc5585 [0115.972] GetTickCount () returned 0x1cc5585 [0115.973] GetTickCount () returned 0x1cc5585 [0115.973] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0115.973] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0115.973] WaitMessage () returned 1 [0116.502] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0116.502] IsWindow (hWnd=0x80056) returned 1 [0116.502] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0116.502] IsIconic (hWnd=0x2036c) returned 0 [0116.502] GetParent (hWnd=0x80056) returned 0x2036c [0116.502] TranslateMessage (lpMsg=0x19fe40) returned 0 [0116.502] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0116.503] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0116.503] GetTickCount () returned 0x1cc5798 [0116.503] GetTickCount () returned 0x1cc5798 [0116.503] GetTickCount () returned 0x1cc5798 [0116.503] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0116.503] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0116.503] WaitMessage () returned 1 [0117.036] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0117.036] IsWindow (hWnd=0x80056) returned 1 [0117.036] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0117.036] IsIconic (hWnd=0x2036c) returned 0 [0117.036] GetParent (hWnd=0x80056) returned 0x2036c [0117.036] TranslateMessage (lpMsg=0x19fe40) returned 0 [0117.036] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0117.037] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0117.037] GetTickCount () returned 0x1cc59ab [0117.037] GetTickCount () returned 0x1cc59ab [0117.037] GetTickCount () returned 0x1cc59ab [0117.037] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0117.037] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0117.037] WaitMessage () returned 1 [0117.189] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0117.189] IsWindow (hWnd=0x501c4) returned 1 [0117.189] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0117.189] IsIconic (hWnd=0x2036c) returned 0 [0117.189] GetParent (hWnd=0x501c4) returned 0x2036c [0117.189] TranslateMessage (lpMsg=0x19fe40) returned 0 [0117.189] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0117.189] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0117.190] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0117.190] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.190] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0117.190] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0117.190] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0117.191] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.191] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0117.191] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0117.192] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0117.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0117.192] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0117.192] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0117.192] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0117.192] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.192] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0117.192] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0117.192] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0117.192] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.193] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b0c8 [0117.193] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0117.194] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0117.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0117.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0117.194] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b0c8 | out: hHeap=0x2150000) returned 1 [0117.195] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0117.195] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0117.196] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0117.196] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0117.197] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0117.197] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0117.197] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0117.197] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0117.198] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0117.198] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0117.198] GetTickCount () returned 0x1cc5a47 [0117.198] GetTickCount () returned 0x1cc5a47 [0117.198] GetTickCount () returned 0x1cc5a47 [0117.198] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0117.198] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0117.198] WaitMessage () returned 1 [0117.568] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0117.568] IsWindow (hWnd=0x80056) returned 1 [0117.568] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0117.568] IsIconic (hWnd=0x2036c) returned 0 [0117.568] GetParent (hWnd=0x80056) returned 0x2036c [0117.568] TranslateMessage (lpMsg=0x19fe40) returned 0 [0117.568] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0117.569] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0117.569] GetTickCount () returned 0x1cc5bbe [0117.569] GetTickCount () returned 0x1cc5bbe [0117.569] GetTickCount () returned 0x1cc5bbe [0117.569] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0117.569] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0117.569] WaitMessage () returned 1 [0117.908] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0117.908] IsWindow (hWnd=0x9003a) returned 1 [0117.908] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0117.908] IsIconic (hWnd=0x2036c) returned 0 [0117.908] GetParent (hWnd=0x9003a) returned 0x2036c [0117.908] TranslateMessage (lpMsg=0x19fe40) returned 0 [0117.908] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0117.908] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0117.908] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0xb, wMilliseconds=0x20d)) [0117.909] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0117.909] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.909] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0117.909] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0117.909] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0117.909] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.909] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0117.910] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0117.910] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0117.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0117.910] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0117.910] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0117.910] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0117.910] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0117.911] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 0x2c [0117.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", cchWideChar=45, lpMultiByteStr=0x5dd83c, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", lpUsedDefaultChar=0x0) returned 45 [0117.911] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned -1 [0117.911] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 44 [0117.911] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0117.911] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0117.911] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0117.911] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0117.912] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0117.912] GetFocus () returned 0x80056 [0117.912] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0117.912] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0117.912] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0117.912] GetFocus () returned 0x80056 [0117.912] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0117.912] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0117.912] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=2 | out: lpWideCharStr="1") returned 2 [0117.912] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0117.912] GetUserDefaultLCID () returned 0x409 [0117.912] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0117.912] GetUserDefaultLCID () returned 0x409 [0117.912] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40000000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0117.912] SysStringLen (param_1="2") returned 0x1 [0117.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=2, lpMultiByteStr=0x5b9b0c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2", lpUsedDefaultChar=0x0) returned 2 [0117.913] SetWindowTextA (hWnd=0x80056, lpString="2") returned 1 [0117.913] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0117.913] GetFocus () returned 0x80056 [0117.913] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0117.913] lstrlenA (lpString="2") returned 1 [0117.913] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0117.913] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="1") returned 1 [0117.913] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0117.913] GetFocus () returned 0x80056 [0117.913] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0117.913] lstrcmpA (lpString1="1", lpString2="2") returned -1 [0117.913] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0117.913] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5b9b0c) returned 0x1 [0117.914] GetCapture () returned 0x0 [0117.914] GetCapture () returned 0x0 [0117.914] IsWindow (hWnd=0x80056) returned 1 [0117.914] IsWindow (hWnd=0x80056) returned 1 [0117.914] GetCapture () returned 0x0 [0117.914] GetCapture () returned 0x0 [0117.914] IsWindow (hWnd=0x80056) returned 1 [0117.914] IsWindow (hWnd=0x80056) returned 1 [0117.914] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0xb, wMilliseconds=0x212)) [0117.914] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0117.914] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.914] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0117.914] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0117.915] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0117.915] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.915] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0117.915] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0117.915] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0117.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0117.915] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0117.915] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0117.915] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0117.915] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.915] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0117.916] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0117.916] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0117.916] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0117.916] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0117.916] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0117.916] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0117.916] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0117.917] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0117.917] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0117.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0117.917] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0117.917] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.918] GetLastError () returned 0x20 [0117.918] GetLastError () returned 0x20 [0117.918] SetLastError (dwErrCode=0x20) [0117.918] GetLastError () returned 0x20 [0117.918] SetLastError (dwErrCode=0x20) [0117.918] GetLastError () returned 0x20 [0117.918] SetLastError (dwErrCode=0x20) [0117.918] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.918] GetLastError () returned 0x20 [0117.919] GetLastError () returned 0x20 [0117.919] SetLastError (dwErrCode=0x20) [0117.919] GetLastError () returned 0x20 [0117.919] SetLastError (dwErrCode=0x20) [0117.919] GetLastError () returned 0x20 [0117.919] SetLastError (dwErrCode=0x20) [0117.919] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0117.919] GetFileType (hFile=0x258) returned 0x1 [0117.919] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0117.919] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0117.920] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0117.920] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0117.920] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0117.922] ReadFile (in: hFile=0x258, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0117.924] CloseHandle (hObject=0x258) returned 1 [0117.924] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0117.924] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0117.924] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 44 [0117.925] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0117.925] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 44 [0117.925] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0117.925] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", cbMultiByte=-1, lpWideCharStr=0x5dd83c, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 45 [0117.925] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0117.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", lpUsedDefaultChar=0x0) returned 45 [0117.925] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", lpFilePart=0x19e9fc*="Unicorn-40757.exe") returned 0x2c [0117.926] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-40757.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0117.927] GetFileType (hFile=0x258) returned 0x1 [0117.927] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0117.927] WriteFile (in: hFile=0x258, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0117.935] CloseHandle (hObject=0x258) returned 1 [0117.950] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0117.950] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 44 [0117.950] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0117.950] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 44 [0117.950] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0117.950] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", cbMultiByte=-1, lpWideCharStr=0x5dd83c, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 45 [0117.950] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0117.950] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", lpProcessInformation=0x19ec44*(hProcess=0x254, hThread=0x258, dwProcessId=0x15bc, dwThreadId=0x1568)) returned 1 [0118.314] GetLastError () returned 0x715 [0118.315] WaitForInputIdle (hProcess=0x254, dwMilliseconds=0x2710) returned 0x0 [0124.603] CloseHandle (hObject=0x258) returned 1 [0124.604] CloseHandle (hObject=0x254) returned 1 [0124.604] SafeArrayDestroyDescriptor (psa=0x5d3a78) returned 0x0 [0124.607] GetFocus () returned 0x80056 [0124.607] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0124.608] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0124.608] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.613] GetCapture () returned 0x0 [0124.613] GetCapture () returned 0x0 [0124.613] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.614] GetCapture () returned 0x0 [0124.614] GetCapture () returned 0x0 [0124.614] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0124.614] GetCapture () returned 0x0 [0124.614] GetCapture () returned 0x0 [0124.614] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x504096f, lParam=0x0) returned 0x0 [0124.614] GetCapture () returned 0x0 [0124.615] GetCapture () returned 0x0 [0124.615] IsIconic (hWnd=0x2036c) returned 0 [0124.615] IsIconic (hWnd=0x2036c) returned 0 [0124.615] GetCapture () returned 0x0 [0124.615] GetCapture () returned 0x0 [0124.615] GetParent (hWnd=0x2036c) returned 0x0 [0124.615] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0124.615] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.615] GetCapture () returned 0x0 [0124.615] GetCapture () returned 0x0 [0124.615] CPicture::get_Attributes () returned 0x0 [0124.615] IsWindowVisible (hWnd=0x2036c) returned 1 [0124.615] IsIconic (hWnd=0x2036c) returned 0 [0124.615] IsZoomed (hWnd=0x2036c) returned 0 [0124.615] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0124.615] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0124.615] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0124.615] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0124.615] GetParent (hWnd=0x501c4) returned 0x2036c [0124.616] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0124.616] GetParent (hWnd=0x80056) returned 0x2036c [0124.616] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0124.616] GetParent (hWnd=0x9003a) returned 0x2036c [0124.616] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0124.616] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0124.616] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0124.622] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.623] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0124.623] GetCapture () returned 0x0 [0124.623] GetCapture () returned 0x0 [0124.623] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0124.623] GetCapture () returned 0x0 [0124.623] GetCapture () returned 0x0 [0124.623] IsIconic (hWnd=0x2036c) returned 0 [0124.623] IsIconic (hWnd=0x2036c) returned 0 [0124.624] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0124.624] GetFocus () returned 0x80056 [0124.624] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0124.624] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x380106db, lParam=0x0) returned 0x1 [0124.624] GetFocus () returned 0x80056 [0124.624] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0124.624] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.625] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0124.625] GetCapture () returned 0x0 [0124.625] GetCapture () returned 0x0 [0124.625] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x88, wParam=0x4, lParam=0x0) returned 0x0 [0124.625] IsWindow (hWnd=0x2036c) returned 1 [0124.625] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0124.625] IsIconic (hWnd=0x2036c) returned 0 [0124.625] GetParent (hWnd=0x2036c) returned 0x0 [0124.625] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.625] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0124.625] GetCapture () returned 0x0 [0124.625] GetCapture () returned 0x0 [0124.626] IsIconic (hWnd=0x2036c) returned 0 [0124.626] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0124.626] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0124.626] IsIconic (hWnd=0x2036c) returned 0 [0124.626] IsIconic (hWnd=0x2036c) returned 0 [0124.626] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0124.626] OleTranslateColor () returned 0x0 [0124.626] OleTranslateColor () returned 0x0 [0124.626] OleTranslateColor () returned 0x0 [0124.626] OleTranslateColor () returned 0x0 [0124.626] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0124.626] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0124.626] CPicture::get_Type () returned 0x0 [0124.626] CPicture::get_Type () returned 0x0 [0124.626] CPicture::get_Width () returned 0x0 [0124.626] CPicture::get_Height () returned 0x0 [0124.626] CPicture::get_Attributes () returned 0x0 [0124.626] CPicture::Render () returned 0x0 [0124.648] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0124.648] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0124.648] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0124.648] SaveDC (hdc=0x75010900) returned 1 [0124.648] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0124.648] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0124.648] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0124.649] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0124.649] OleTranslateColor () returned 0x0 [0124.649] OleTranslateColor () returned 0x0 [0124.649] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0124.649] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0124.649] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0124.649] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0124.649] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0124.649] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0124.649] SaveDC (hdc=0x75010900) returned 2 [0124.649] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0124.649] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe") returned 44 [0124.649] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0124.649] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0124.649] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", c=44) returned 1 [0124.649] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0124.649] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0124.651] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0124.651] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0124.651] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0124.651] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0124.651] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0124.651] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.651] IsWindow (hWnd=0x80056) returned 1 [0124.651] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0124.651] IsIconic (hWnd=0x2036c) returned 0 [0124.651] GetParent (hWnd=0x80056) returned 0x2036c [0124.651] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.652] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0124.652] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0124.652] GetCapture () returned 0x0 [0124.652] GetCapture () returned 0x0 [0124.652] IsWindow (hWnd=0x80056) returned 1 [0124.652] OleTranslateColor () returned 0x0 [0124.652] OleTranslateColor () returned 0x0 [0124.652] SetTextColor (hdc=0x380106db, color=0x0) returned 0x0 [0124.652] SetBkColor (hdc=0x380106db, color=0xffffff) returned 0xffffff [0124.652] OleTranslateColor () returned 0x0 [0124.653] GetCapture () returned 0x0 [0124.653] GetCapture () returned 0x0 [0124.653] IsWindow (hWnd=0x80056) returned 1 [0124.653] OleTranslateColor () returned 0x0 [0124.653] OleTranslateColor () returned 0x0 [0124.653] SetTextColor (hdc=0x380106db, color=0x0) returned 0x0 [0124.653] SetBkColor (hdc=0x380106db, color=0xffffff) returned 0xffffff [0124.653] OleTranslateColor () returned 0x0 [0124.654] GetFocus () returned 0x80056 [0124.654] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0124.654] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.654] IsWindow (hWnd=0x9003a) returned 1 [0124.654] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0124.654] IsIconic (hWnd=0x2036c) returned 0 [0124.654] GetParent (hWnd=0x9003a) returned 0x2036c [0124.654] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.654] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0124.654] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0124.654] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x12, wMilliseconds=0x110)) [0124.655] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0124.655] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0124.655] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0124.655] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0124.655] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0124.656] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0124.656] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0124.656] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0124.656] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0124.657] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0124.657] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0124.657] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0124.657] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0124.657] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0124.657] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 0x2b [0124.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", cchWideChar=44, lpMultiByteStr=0x5dd7d4, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", lpUsedDefaultChar=0x0) returned 44 [0124.657] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-40757.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned -1 [0124.657] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 43 [0124.657] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3b78 [0124.658] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0124.658] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0124.658] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0124.658] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0124.658] GetFocus () returned 0x80056 [0124.658] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0124.658] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0124.658] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0124.659] GetFocus () returned 0x80056 [0124.659] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0124.659] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="2", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0124.659] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="2", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=2 | out: lpWideCharStr="2") returned 2 [0124.659] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0124.659] GetUserDefaultLCID () returned 0x409 [0124.659] VarR8FromStr (in: strIn="2", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0124.659] GetUserDefaultLCID () returned 0x409 [0124.659] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40080000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0124.659] SysStringLen (param_1="3") returned 0x1 [0124.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=2, lpMultiByteStr=0x5b9bac, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3", lpUsedDefaultChar=0x0) returned 2 [0124.659] SetWindowTextA (hWnd=0x80056, lpString="3") returned 1 [0124.659] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0124.659] GetFocus () returned 0x80056 [0124.659] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0124.659] lstrlenA (lpString="3") returned 1 [0124.659] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0124.659] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="2") returned 1 [0124.659] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0124.660] GetFocus () returned 0x80056 [0124.660] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0124.660] lstrcmpA (lpString1="2", lpString2="3") returned -1 [0124.660] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0124.660] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5b9bac) returned 0x1 [0124.660] GetCapture () returned 0x0 [0124.660] GetCapture () returned 0x0 [0124.660] IsWindow (hWnd=0x80056) returned 1 [0124.660] IsWindow (hWnd=0x80056) returned 1 [0124.660] GetCapture () returned 0x0 [0124.660] GetCapture () returned 0x0 [0124.660] IsWindow (hWnd=0x80056) returned 1 [0124.660] IsWindow (hWnd=0x80056) returned 1 [0124.660] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x12, wMilliseconds=0x110)) [0124.661] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0124.661] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0124.661] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0124.661] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0124.661] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0124.661] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0124.661] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0124.661] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0124.661] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0124.661] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0124.661] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0124.662] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0124.662] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0124.662] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0124.662] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0124.662] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0124.662] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0124.662] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0124.662] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0124.662] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0124.662] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0124.662] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0124.662] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0124.662] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0124.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0124.663] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0124.663] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0124.664] GetLastError () returned 0x20 [0124.664] GetLastError () returned 0x20 [0124.664] SetLastError (dwErrCode=0x20) [0124.664] GetLastError () returned 0x20 [0124.664] SetLastError (dwErrCode=0x20) [0124.664] GetLastError () returned 0x20 [0124.664] SetLastError (dwErrCode=0x20) [0124.664] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0124.664] GetLastError () returned 0x20 [0124.665] GetLastError () returned 0x20 [0124.665] SetLastError (dwErrCode=0x20) [0124.665] GetLastError () returned 0x20 [0124.665] SetLastError (dwErrCode=0x20) [0124.665] GetLastError () returned 0x20 [0124.665] SetLastError (dwErrCode=0x20) [0124.665] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0124.665] GetFileType (hFile=0x254) returned 0x1 [0124.665] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0124.665] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.665] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0124.666] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0124.666] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0124.682] ReadFile (in: hFile=0x254, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0124.925] CloseHandle (hObject=0x254) returned 1 [0124.925] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0124.925] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0124.926] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 43 [0124.926] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3bb0 [0124.926] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 43 [0124.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0124.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", cbMultiByte=-1, lpWideCharStr=0x5dd7d4, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 44 [0124.927] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0124.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", lpUsedDefaultChar=0x0) returned 44 [0124.927] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", lpFilePart=0x19e9fc*="Unicorn-6413.exe") returned 0x2b [0124.927] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-6413.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0125.513] GetFileType (hFile=0x254) returned 0x1 [0125.513] IMalloc:Alloc (This=0x7627fec4, cb=0x68) returned 0x653608 [0125.513] WriteFile (in: hFile=0x254, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0125.777] CloseHandle (hObject=0x254) returned 1 [0125.789] IMalloc:Free (This=0x7627fec4, pv=0x653608) [0125.790] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 43 [0125.790] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3bb0 [0125.790] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 43 [0125.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0125.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", cbMultiByte=-1, lpWideCharStr=0x5dd7d4, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 44 [0125.790] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0125.790] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x15dc, dwThreadId=0x15b0)) returned 1 [0126.063] GetLastError () returned 0x715 [0126.063] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x0 [0135.632] CloseHandle (hObject=0x254) returned 1 [0135.632] CloseHandle (hObject=0x258) returned 1 [0135.632] SafeArrayDestroyDescriptor (psa=0x5d3c88) returned 0x0 [0135.633] GetFocus () returned 0x80056 [0135.633] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0135.633] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0135.634] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0135.638] GetCapture () returned 0x0 [0135.638] GetCapture () returned 0x0 [0135.638] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.639] GetCapture () returned 0x0 [0135.639] GetCapture () returned 0x0 [0135.639] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0135.641] GetCapture () returned 0x0 [0135.641] GetCapture () returned 0x0 [0135.641] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x4040972, lParam=0x0) returned 0x0 [0135.642] GetCapture () returned 0x0 [0135.642] GetCapture () returned 0x0 [0135.642] IsIconic (hWnd=0x2036c) returned 0 [0135.642] IsIconic (hWnd=0x2036c) returned 0 [0135.642] GetCapture () returned 0x0 [0135.642] GetCapture () returned 0x0 [0135.642] GetParent (hWnd=0x2036c) returned 0x0 [0135.642] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0135.642] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.642] GetCapture () returned 0x0 [0135.642] GetCapture () returned 0x0 [0135.642] CPicture::get_Attributes () returned 0x0 [0135.642] IsWindowVisible (hWnd=0x2036c) returned 1 [0135.642] IsIconic (hWnd=0x2036c) returned 0 [0135.642] IsZoomed (hWnd=0x2036c) returned 0 [0135.642] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0135.642] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0135.643] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0135.643] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0135.643] GetParent (hWnd=0x501c4) returned 0x2036c [0135.643] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0135.643] GetParent (hWnd=0x80056) returned 0x2036c [0135.643] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0135.643] GetParent (hWnd=0x9003a) returned 0x2036c [0135.643] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0135.643] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0135.643] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0135.651] GetCapture () returned 0x0 [0135.651] GetCapture () returned 0x0 [0135.651] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.651] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.651] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0135.652] GetCapture () returned 0x0 [0135.652] GetCapture () returned 0x0 [0135.652] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0135.652] GetCapture () returned 0x0 [0135.652] GetCapture () returned 0x0 [0135.653] IsIconic (hWnd=0x2036c) returned 0 [0135.653] IsIconic (hWnd=0x2036c) returned 0 [0135.653] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0135.653] GetFocus () returned 0x80056 [0135.653] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0135.653] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x400108d1, lParam=0x0) returned 0x1 [0135.653] GetFocus () returned 0x80056 [0135.654] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0135.654] GetCapture () returned 0x0 [0135.654] GetCapture () returned 0x0 [0135.654] GetParent (hWnd=0x2036c) returned 0x0 [0135.654] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0135.654] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.654] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0135.654] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0135.654] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0135.654] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.654] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0135.657] IsWindow (hWnd=0x2036c) returned 1 [0135.657] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0135.657] IsIconic (hWnd=0x2036c) returned 0 [0135.657] GetParent (hWnd=0x2036c) returned 0x0 [0135.657] TranslateMessage (lpMsg=0x19fe40) returned 0 [0135.657] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0135.657] GetCapture () returned 0x0 [0135.657] GetCapture () returned 0x0 [0135.657] IsIconic (hWnd=0x2036c) returned 0 [0135.657] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0135.657] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0135.657] IsIconic (hWnd=0x2036c) returned 0 [0135.657] IsIconic (hWnd=0x2036c) returned 0 [0135.657] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0135.657] OleTranslateColor () returned 0x0 [0135.657] OleTranslateColor () returned 0x0 [0135.657] OleTranslateColor () returned 0x0 [0135.658] OleTranslateColor () returned 0x0 [0135.658] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0135.658] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0135.658] CPicture::get_Type () returned 0x0 [0135.658] CPicture::get_Type () returned 0x0 [0135.658] CPicture::get_Width () returned 0x0 [0135.658] CPicture::get_Height () returned 0x0 [0135.658] CPicture::get_Attributes () returned 0x0 [0135.658] CPicture::Render () returned 0x0 [0135.736] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0135.736] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0135.736] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0135.736] SaveDC (hdc=0x75010900) returned 1 [0135.736] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0135.736] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0135.737] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0135.737] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0135.737] OleTranslateColor () returned 0x0 [0135.737] OleTranslateColor () returned 0x0 [0135.737] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0135.737] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0135.737] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0135.737] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0135.737] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0135.742] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0135.742] SaveDC (hdc=0x75010900) returned 2 [0135.742] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0135.742] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe") returned 43 [0135.742] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0135.742] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0135.742] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", c=43) returned 1 [0135.742] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0135.742] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0135.743] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0135.743] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0135.743] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0135.743] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0135.743] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0135.744] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0135.744] IsWindow (hWnd=0x80056) returned 1 [0135.744] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0135.744] IsIconic (hWnd=0x2036c) returned 0 [0135.744] GetParent (hWnd=0x80056) returned 0x2036c [0135.744] TranslateMessage (lpMsg=0x19fe40) returned 0 [0135.744] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0135.745] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0135.745] GetCapture () returned 0x0 [0135.745] GetCapture () returned 0x0 [0135.745] IsWindow (hWnd=0x80056) returned 1 [0135.745] OleTranslateColor () returned 0x0 [0135.745] OleTranslateColor () returned 0x0 [0135.745] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0135.745] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0135.745] OleTranslateColor () returned 0x0 [0135.745] GetCapture () returned 0x0 [0135.745] GetCapture () returned 0x0 [0135.745] IsWindow (hWnd=0x80056) returned 1 [0135.746] OleTranslateColor () returned 0x0 [0135.746] OleTranslateColor () returned 0x0 [0135.746] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0135.746] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0135.746] OleTranslateColor () returned 0x0 [0136.377] GetFocus () returned 0x80056 [0136.377] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0136.378] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0136.378] IsWindow (hWnd=0x501c4) returned 1 [0136.378] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0136.378] IsIconic (hWnd=0x2036c) returned 0 [0136.378] GetParent (hWnd=0x501c4) returned 0x2036c [0136.379] TranslateMessage (lpMsg=0x19fe40) returned 0 [0136.379] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0136.379] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0136.379] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0136.380] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.380] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0136.380] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0136.380] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0136.380] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.380] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0136.380] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0136.381] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0136.381] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0136.381] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0136.381] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0136.381] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0136.381] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.381] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0136.381] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0136.381] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0136.382] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.382] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0136.382] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0136.382] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0136.382] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0136.382] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0136.382] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0136.383] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0136.383] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0136.383] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0136.384] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0136.384] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0136.385] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0136.385] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0136.385] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0136.385] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0136.385] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0136.386] IsWindow (hWnd=0x9003a) returned 1 [0136.386] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0136.386] IsIconic (hWnd=0x2036c) returned 0 [0136.386] GetParent (hWnd=0x9003a) returned 0x2036c [0136.386] TranslateMessage (lpMsg=0x19fe40) returned 0 [0136.387] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0136.387] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0136.387] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x1e, wMilliseconds=0x6)) [0136.388] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0136.388] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.388] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0136.388] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0136.388] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0136.388] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.388] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0136.389] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0136.389] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0136.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0136.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0136.389] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0136.389] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0136.389] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0136.390] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 0x2c [0136.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", cchWideChar=45, lpMultiByteStr=0x5dd8a4, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", lpUsedDefaultChar=0x0) returned 45 [0136.390] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-6413.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned -1 [0136.390] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 44 [0136.390] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0136.390] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0136.390] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0136.390] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0136.391] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0136.391] GetFocus () returned 0x80056 [0136.391] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0136.391] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0136.391] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0136.391] GetFocus () returned 0x80056 [0136.391] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0136.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="3", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0136.391] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="3", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=2 | out: lpWideCharStr="3") returned 2 [0136.391] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0136.391] GetUserDefaultLCID () returned 0x409 [0136.391] VarR8FromStr (in: strIn="3", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0136.391] GetUserDefaultLCID () returned 0x409 [0136.391] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40100000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0136.391] SysStringLen (param_1="4") returned 0x1 [0136.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=2, lpMultiByteStr=0x5d9444, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4", lpUsedDefaultChar=0x0) returned 2 [0136.392] SetWindowTextA (hWnd=0x80056, lpString="4") returned 1 [0136.392] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0136.392] GetFocus () returned 0x80056 [0136.392] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0136.392] lstrlenA (lpString="4") returned 1 [0136.392] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0136.392] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="3") returned 1 [0136.392] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0136.392] GetFocus () returned 0x80056 [0136.392] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0136.392] lstrcmpA (lpString1="3", lpString2="4") returned -1 [0136.392] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0136.392] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5d9444) returned 0x1 [0136.393] GetCapture () returned 0x0 [0136.393] GetCapture () returned 0x0 [0136.393] IsWindow (hWnd=0x80056) returned 1 [0136.393] IsWindow (hWnd=0x80056) returned 1 [0136.393] GetCapture () returned 0x0 [0136.393] GetCapture () returned 0x0 [0136.393] IsWindow (hWnd=0x80056) returned 1 [0136.393] IsWindow (hWnd=0x80056) returned 1 [0136.393] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x1e, wMilliseconds=0x6)) [0136.393] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0136.393] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.393] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0136.393] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0136.393] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0136.393] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.394] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0136.394] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0136.394] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0136.394] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0136.394] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0136.394] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0136.394] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0136.394] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.394] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0136.394] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0136.394] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0136.394] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0136.395] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0136.395] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0136.395] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0136.395] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0136.395] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0136.395] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0136.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0136.396] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0136.396] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.397] GetLastError () returned 0x20 [0136.397] GetLastError () returned 0x20 [0136.397] SetLastError (dwErrCode=0x20) [0136.397] GetLastError () returned 0x20 [0136.397] SetLastError (dwErrCode=0x20) [0136.397] GetLastError () returned 0x20 [0136.397] SetLastError (dwErrCode=0x20) [0136.397] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0136.397] GetLastError () returned 0x20 [0136.397] GetLastError () returned 0x20 [0136.397] SetLastError (dwErrCode=0x20) [0136.397] GetLastError () returned 0x20 [0136.397] SetLastError (dwErrCode=0x20) [0136.397] GetLastError () returned 0x20 [0136.397] SetLastError (dwErrCode=0x20) [0136.398] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0136.398] GetFileType (hFile=0x258) returned 0x1 [0136.398] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0136.398] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0136.399] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0136.399] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0136.399] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0136.401] ReadFile (in: hFile=0x258, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0137.355] CloseHandle (hObject=0x258) returned 1 [0137.356] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0137.356] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0137.356] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 44 [0137.356] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0137.356] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 44 [0137.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0137.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 45 [0137.357] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0137.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", lpUsedDefaultChar=0x0) returned 45 [0137.357] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", lpFilePart=0x19e9fc*="Unicorn-65522.exe") returned 0x2c [0137.357] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-65522.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0139.597] GetFileType (hFile=0x258) returned 0x1 [0139.597] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0139.597] WriteFile (in: hFile=0x258, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0139.651] CloseHandle (hObject=0x258) returned 1 [0140.296] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0140.296] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 44 [0140.296] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0140.296] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 44 [0140.296] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0140.296] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 45 [0140.297] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0140.297] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", lpProcessInformation=0x19ec44*(hProcess=0x1e0, hThread=0x258, dwProcessId=0x151c, dwThreadId=0x1534)) returned 1 [0140.939] GetLastError () returned 0x715 [0140.939] WaitForInputIdle (hProcess=0x1e0, dwMilliseconds=0x2710) returned 0x102 [0154.098] CloseHandle (hObject=0x258) returned 1 [0154.099] CloseHandle (hObject=0x1e0) returned 1 [0154.099] SafeArrayDestroyDescriptor (psa=0x5d3cb8) returned 0x0 [0154.100] GetFocus () returned 0x80056 [0154.100] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0154.101] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0154.102] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0154.111] GetCapture () returned 0x0 [0154.111] GetCapture () returned 0x0 [0154.111] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0154.111] GetCapture () returned 0x0 [0154.111] GetCapture () returned 0x0 [0154.111] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0154.113] GetCapture () returned 0x0 [0154.113] GetCapture () returned 0x0 [0154.113] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x80409ec, lParam=0x0) returned 0x0 [0154.114] GetCapture () returned 0x0 [0154.145] GetCapture () returned 0x0 [0154.145] IsIconic (hWnd=0x2036c) returned 0 [0154.145] IsIconic (hWnd=0x2036c) returned 0 [0154.151] GetCapture () returned 0x0 [0154.151] GetCapture () returned 0x0 [0154.151] GetParent (hWnd=0x2036c) returned 0x0 [0154.151] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0154.151] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0154.151] GetCapture () returned 0x0 [0154.152] GetCapture () returned 0x0 [0154.152] CPicture::get_Attributes () returned 0x0 [0154.152] IsWindowVisible (hWnd=0x2036c) returned 1 [0154.152] IsIconic (hWnd=0x2036c) returned 0 [0154.152] IsZoomed (hWnd=0x2036c) returned 0 [0154.152] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0154.152] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0154.152] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0154.152] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0154.152] GetParent (hWnd=0x501c4) returned 0x2036c [0154.152] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0154.152] GetParent (hWnd=0x80056) returned 0x2036c [0154.152] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0154.152] GetParent (hWnd=0x9003a) returned 0x2036c [0154.152] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0154.153] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0154.153] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0154.159] GetCapture () returned 0x0 [0154.159] GetCapture () returned 0x0 [0154.159] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0154.159] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0154.159] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0154.160] GetCapture () returned 0x0 [0154.160] GetCapture () returned 0x0 [0154.160] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0154.160] GetCapture () returned 0x0 [0154.160] GetCapture () returned 0x0 [0154.160] IsIconic (hWnd=0x2036c) returned 0 [0154.160] IsIconic (hWnd=0x2036c) returned 0 [0154.160] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0154.161] GetFocus () returned 0x80056 [0154.161] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0154.161] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x3b010920, lParam=0x0) returned 0x1 [0154.162] GetFocus () returned 0x80056 [0154.162] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0154.162] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0154.162] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0154.164] IsWindow (hWnd=0x2036c) returned 1 [0154.164] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0154.164] IsIconic (hWnd=0x2036c) returned 0 [0154.164] GetParent (hWnd=0x2036c) returned 0x0 [0154.165] TranslateMessage (lpMsg=0x19fe40) returned 0 [0154.165] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0154.165] GetCapture () returned 0x0 [0154.165] GetCapture () returned 0x0 [0154.165] IsIconic (hWnd=0x2036c) returned 0 [0154.165] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0154.165] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0154.165] IsIconic (hWnd=0x2036c) returned 0 [0154.165] IsIconic (hWnd=0x2036c) returned 0 [0154.165] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0154.165] OleTranslateColor () returned 0x0 [0154.165] OleTranslateColor () returned 0x0 [0154.165] OleTranslateColor () returned 0x0 [0154.165] OleTranslateColor () returned 0x0 [0154.165] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0154.165] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0154.165] CPicture::get_Type () returned 0x0 [0154.165] CPicture::get_Type () returned 0x0 [0154.165] CPicture::get_Width () returned 0x0 [0154.165] CPicture::get_Height () returned 0x0 [0154.165] CPicture::get_Attributes () returned 0x0 [0154.165] CPicture::Render () returned 0x0 [0154.181] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0154.181] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0154.181] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0154.181] SaveDC (hdc=0x75010900) returned 1 [0154.181] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0154.181] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0154.181] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0154.181] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0154.181] OleTranslateColor () returned 0x0 [0154.181] OleTranslateColor () returned 0x0 [0154.181] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0154.181] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0154.181] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0154.181] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0154.181] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0154.181] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0154.181] SaveDC (hdc=0x75010900) returned 2 [0154.181] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0154.182] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe") returned 44 [0154.182] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0154.182] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0154.182] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", c=44) returned 1 [0154.182] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0154.182] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0154.182] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0154.182] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0154.182] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0154.182] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0154.183] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0154.184] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0154.184] IsWindow (hWnd=0x80056) returned 1 [0154.184] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0154.184] IsIconic (hWnd=0x2036c) returned 0 [0154.184] GetParent (hWnd=0x80056) returned 0x2036c [0154.184] TranslateMessage (lpMsg=0x19fe40) returned 0 [0154.184] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0154.185] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0154.185] GetCapture () returned 0x0 [0154.185] GetCapture () returned 0x0 [0154.185] IsWindow (hWnd=0x80056) returned 1 [0154.185] OleTranslateColor () returned 0x0 [0154.185] OleTranslateColor () returned 0x0 [0154.185] SetTextColor (hdc=0x3b010920, color=0x0) returned 0x0 [0154.185] SetBkColor (hdc=0x3b010920, color=0xffffff) returned 0xffffff [0154.185] OleTranslateColor () returned 0x0 [0154.185] GetCapture () returned 0x0 [0154.185] GetCapture () returned 0x0 [0154.185] IsWindow (hWnd=0x80056) returned 1 [0154.185] OleTranslateColor () returned 0x0 [0154.185] OleTranslateColor () returned 0x0 [0154.185] SetTextColor (hdc=0x3b010920, color=0x0) returned 0x0 [0154.185] SetBkColor (hdc=0x3b010920, color=0xffffff) returned 0xffffff [0154.185] OleTranslateColor () returned 0x0 [0159.217] GetFocus () returned 0x80056 [0159.217] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0159.218] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0159.218] IsWindow (hWnd=0x501c4) returned 1 [0159.218] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0159.218] IsIconic (hWnd=0x2036c) returned 0 [0159.218] GetParent (hWnd=0x501c4) returned 0x2036c [0159.218] TranslateMessage (lpMsg=0x19fe40) returned 0 [0159.218] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0159.218] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0159.219] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0159.219] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.219] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0159.219] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0159.219] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0159.219] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.219] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0159.220] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0159.220] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0159.220] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0159.220] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0159.220] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0159.220] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0159.221] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.221] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0159.221] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0159.221] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0159.221] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.221] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0159.221] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0159.222] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0159.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0159.222] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0159.222] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0159.223] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0159.223] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0159.223] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0159.223] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0159.224] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0159.224] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0159.224] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0159.224] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0159.225] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0159.530] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0159.530] IsWindow (hWnd=0x9003a) returned 1 [0159.530] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0159.531] IsIconic (hWnd=0x2036c) returned 0 [0159.531] GetParent (hWnd=0x9003a) returned 0x2036c [0159.662] TranslateMessage (lpMsg=0x19fe40) returned 0 [0159.662] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0159.662] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0159.662] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x35, wMilliseconds=0x117)) [0159.663] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0159.663] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.663] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0159.663] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0159.663] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0159.663] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.663] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0159.663] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0159.664] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0159.664] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0159.664] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0159.664] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0159.664] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0159.664] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0159.664] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 0x2b [0159.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", cchWideChar=44, lpMultiByteStr=0x5dd83c, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", lpUsedDefaultChar=0x0) returned 44 [0159.664] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-65522.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned -1 [0159.664] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 43 [0159.664] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3b78 [0159.665] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0159.665] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0159.665] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0159.665] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0159.665] GetFocus () returned 0x80056 [0159.665] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0159.666] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0159.666] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0159.666] GetFocus () returned 0x80056 [0159.666] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0159.666] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0159.666] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=2 | out: lpWideCharStr="4") returned 2 [0159.666] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0159.666] GetUserDefaultLCID () returned 0x409 [0159.666] VarR8FromStr (in: strIn="4", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0159.666] GetUserDefaultLCID () returned 0x409 [0159.666] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40140000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0159.666] SysStringLen (param_1="5") returned 0x1 [0159.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=2, lpMultiByteStr=0x5b9b0c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5", lpUsedDefaultChar=0x0) returned 2 [0159.666] SetWindowTextA (hWnd=0x80056, lpString="5") returned 1 [0159.666] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0159.666] GetFocus () returned 0x80056 [0159.666] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0159.666] lstrlenA (lpString="5") returned 1 [0159.667] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0159.667] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="4") returned 1 [0159.667] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0159.667] GetFocus () returned 0x80056 [0159.667] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0159.667] lstrcmpA (lpString1="4", lpString2="5") returned -1 [0159.667] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0159.667] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5b9b0c) returned 0x1 [0159.667] GetCapture () returned 0x0 [0159.667] GetCapture () returned 0x0 [0159.667] IsWindow (hWnd=0x80056) returned 1 [0159.667] IsWindow (hWnd=0x80056) returned 1 [0159.668] GetCapture () returned 0x0 [0159.668] GetCapture () returned 0x0 [0159.668] IsWindow (hWnd=0x80056) returned 1 [0159.668] IsWindow (hWnd=0x80056) returned 1 [0159.668] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x35, wMilliseconds=0x117)) [0159.668] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0159.668] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.668] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0159.668] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0159.668] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0159.668] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.668] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0159.669] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0159.669] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0159.669] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0159.669] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0159.669] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0159.669] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0159.669] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.669] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0159.669] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0159.669] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0159.669] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0159.669] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0159.670] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0159.670] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0159.670] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0159.670] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0159.670] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0159.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0159.670] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0159.671] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0159.671] GetLastError () returned 0x20 [0159.671] GetLastError () returned 0x20 [0159.671] SetLastError (dwErrCode=0x20) [0159.671] GetLastError () returned 0x20 [0159.671] SetLastError (dwErrCode=0x20) [0159.672] GetLastError () returned 0x20 [0159.672] SetLastError (dwErrCode=0x20) [0159.672] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0159.672] GetLastError () returned 0x20 [0159.672] GetLastError () returned 0x20 [0159.672] SetLastError (dwErrCode=0x20) [0159.672] GetLastError () returned 0x20 [0159.672] SetLastError (dwErrCode=0x20) [0159.672] GetLastError () returned 0x20 [0159.672] SetLastError (dwErrCode=0x20) [0159.672] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0159.672] GetFileType (hFile=0x1e0) returned 0x1 [0159.673] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0159.673] SetFilePointer (in: hFile=0x1e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.673] SetFilePointer (in: hFile=0x1e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0159.673] SetFilePointer (in: hFile=0x1e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.673] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0159.676] ReadFile (in: hFile=0x1e0, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0159.684] CloseHandle (hObject=0x1e0) returned 1 [0159.685] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0159.685] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0159.685] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 43 [0159.685] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3bb0 [0159.685] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 43 [0159.685] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0159.685] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", cbMultiByte=-1, lpWideCharStr=0x5dd83c, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 44 [0159.686] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0159.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", lpUsedDefaultChar=0x0) returned 44 [0159.686] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", lpFilePart=0x19e9fc*="Unicorn-7893.exe") returned 0x2b [0159.686] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-7893.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0159.687] GetFileType (hFile=0x1e0) returned 0x1 [0159.687] IMalloc:Alloc (This=0x7627fec4, cb=0x68) returned 0x653528 [0159.687] WriteFile (in: hFile=0x1e0, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0161.247] CloseHandle (hObject=0x1e0) returned 1 [0161.266] IMalloc:Free (This=0x7627fec4, pv=0x653528) [0161.266] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 43 [0161.266] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3bb0 [0161.266] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 43 [0161.266] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0161.266] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", cbMultiByte=-1, lpWideCharStr=0x5dd83c, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 44 [0161.267] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0161.267] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x1e0, dwProcessId=0x16ac, dwThreadId=0x1664)) returned 1 [0163.027] GetLastError () returned 0x715 [0163.027] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x102 [0176.753] CloseHandle (hObject=0x1e0) returned 1 [0176.753] CloseHandle (hObject=0x258) returned 1 [0176.754] SafeArrayDestroyDescriptor (psa=0x5d3c88) returned 0x0 [0176.755] GetFocus () returned 0x80056 [0176.755] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0176.756] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0176.756] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0176.761] GetCapture () returned 0x0 [0176.761] GetCapture () returned 0x0 [0176.761] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0176.761] GetCapture () returned 0x0 [0176.761] GetCapture () returned 0x0 [0176.761] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0176.762] GetCapture () returned 0x0 [0176.763] GetCapture () returned 0x0 [0176.763] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x4040bb5, lParam=0x0) returned 0x0 [0176.763] GetCapture () returned 0x0 [0176.763] GetCapture () returned 0x0 [0176.763] IsIconic (hWnd=0x2036c) returned 0 [0176.763] IsIconic (hWnd=0x2036c) returned 0 [0176.763] GetCapture () returned 0x0 [0176.763] GetCapture () returned 0x0 [0176.763] GetParent (hWnd=0x2036c) returned 0x0 [0176.763] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0176.764] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0176.764] GetCapture () returned 0x0 [0176.764] GetCapture () returned 0x0 [0176.764] CPicture::get_Attributes () returned 0x0 [0176.764] IsWindowVisible (hWnd=0x2036c) returned 1 [0176.764] IsIconic (hWnd=0x2036c) returned 0 [0176.764] IsZoomed (hWnd=0x2036c) returned 0 [0176.764] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0176.764] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0176.764] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0176.764] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0176.764] GetParent (hWnd=0x501c4) returned 0x2036c [0176.764] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0176.764] GetParent (hWnd=0x80056) returned 0x2036c [0176.764] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0176.764] GetParent (hWnd=0x9003a) returned 0x2036c [0176.764] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0176.764] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0176.764] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0176.820] GetCapture () returned 0x0 [0176.820] GetCapture () returned 0x0 [0176.820] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0176.820] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0176.820] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0176.821] GetCapture () returned 0x0 [0176.821] GetCapture () returned 0x0 [0176.821] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0176.821] GetCapture () returned 0x0 [0176.821] GetCapture () returned 0x0 [0176.821] IsIconic (hWnd=0x2036c) returned 0 [0176.821] IsIconic (hWnd=0x2036c) returned 0 [0176.821] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0176.822] GetFocus () returned 0x80056 [0176.822] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0176.822] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x9b0109b9, lParam=0x0) returned 0x1 [0176.823] GetFocus () returned 0x80056 [0176.823] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0176.823] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0176.823] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0176.826] IsWindow (hWnd=0x2036c) returned 1 [0176.826] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0176.826] IsIconic (hWnd=0x2036c) returned 0 [0176.826] GetParent (hWnd=0x2036c) returned 0x0 [0176.826] TranslateMessage (lpMsg=0x19fe40) returned 0 [0176.826] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0176.826] GetCapture () returned 0x0 [0176.826] GetCapture () returned 0x0 [0176.826] IsIconic (hWnd=0x2036c) returned 0 [0176.826] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0176.826] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0176.826] IsIconic (hWnd=0x2036c) returned 0 [0176.826] IsIconic (hWnd=0x2036c) returned 0 [0176.826] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0176.826] OleTranslateColor () returned 0x0 [0176.826] OleTranslateColor () returned 0x0 [0176.826] OleTranslateColor () returned 0x0 [0176.826] OleTranslateColor () returned 0x0 [0176.826] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0176.827] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0176.827] CPicture::get_Type () returned 0x0 [0176.827] CPicture::get_Type () returned 0x0 [0176.827] CPicture::get_Width () returned 0x0 [0176.827] CPicture::get_Height () returned 0x0 [0176.827] CPicture::get_Attributes () returned 0x0 [0176.827] CPicture::Render () returned 0x0 [0176.845] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0176.845] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0176.845] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0176.845] SaveDC (hdc=0x75010900) returned 1 [0176.845] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0176.845] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0176.845] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0176.845] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0176.845] OleTranslateColor () returned 0x0 [0176.845] OleTranslateColor () returned 0x0 [0176.846] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0176.846] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0176.846] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0176.846] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0176.846] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0176.846] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0176.846] SaveDC (hdc=0x75010900) returned 2 [0176.846] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0176.846] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe") returned 43 [0176.846] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0176.846] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0176.846] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", c=43) returned 1 [0176.846] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0176.846] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0176.847] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0176.847] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0176.847] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0176.847] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0176.847] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0176.847] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0176.847] IsWindow (hWnd=0x80056) returned 1 [0176.847] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0176.847] IsIconic (hWnd=0x2036c) returned 0 [0176.847] GetParent (hWnd=0x80056) returned 0x2036c [0176.847] TranslateMessage (lpMsg=0x19fe40) returned 0 [0176.847] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0176.848] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0176.848] GetCapture () returned 0x0 [0176.848] GetCapture () returned 0x0 [0176.848] IsWindow (hWnd=0x80056) returned 1 [0176.848] OleTranslateColor () returned 0x0 [0176.848] OleTranslateColor () returned 0x0 [0176.848] SetTextColor (hdc=0x9b0109b9, color=0x0) returned 0x0 [0176.848] SetBkColor (hdc=0x9b0109b9, color=0xffffff) returned 0xffffff [0176.848] OleTranslateColor () returned 0x0 [0176.848] GetCapture () returned 0x0 [0176.848] GetCapture () returned 0x0 [0176.848] IsWindow (hWnd=0x80056) returned 1 [0176.848] OleTranslateColor () returned 0x0 [0176.848] OleTranslateColor () returned 0x0 [0176.848] SetTextColor (hdc=0x9b0109b9, color=0x0) returned 0x0 [0176.848] SetBkColor (hdc=0x9b0109b9, color=0xffffff) returned 0xffffff [0176.848] OleTranslateColor () returned 0x0 [0187.099] GetFocus () returned 0x80056 [0187.099] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0187.100] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0187.100] IsWindow (hWnd=0x501c4) returned 1 [0187.100] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0187.100] IsIconic (hWnd=0x2036c) returned 0 [0187.100] GetParent (hWnd=0x501c4) returned 0x2036c [0187.100] TranslateMessage (lpMsg=0x19fe40) returned 0 [0187.100] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0187.101] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0187.101] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0187.102] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.102] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0187.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0187.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0187.102] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.102] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0187.103] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0187.103] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0187.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0187.103] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0187.103] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0187.103] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0187.103] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.103] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0187.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0187.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0187.104] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.104] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b0c8 [0187.104] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0187.105] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0187.105] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0187.105] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0187.105] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b0c8 | out: hHeap=0x2150000) returned 1 [0187.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0187.106] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0187.106] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0187.107] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0187.109] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0187.109] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0187.109] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0187.109] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0187.110] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0187.110] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0187.110] IsWindow (hWnd=0x9003a) returned 1 [0187.110] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0187.110] IsIconic (hWnd=0x2036c) returned 0 [0187.110] GetParent (hWnd=0x9003a) returned 0x2036c [0187.110] TranslateMessage (lpMsg=0x19fe40) returned 0 [0187.110] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0187.110] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0187.111] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0x14, wMilliseconds=0x2d9)) [0187.111] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0187.111] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.111] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0187.111] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0187.111] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0187.112] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.112] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0187.112] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0187.112] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0187.112] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0187.112] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0187.113] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0187.113] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0187.113] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0187.113] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 0x2c [0187.113] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", cchWideChar=45, lpMultiByteStr=0x5dd7d4, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", lpUsedDefaultChar=0x0) returned 45 [0187.113] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7893.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 1 [0187.113] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 44 [0187.113] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0187.114] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0187.114] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0187.114] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0187.114] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0187.114] GetFocus () returned 0x80056 [0187.114] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0187.114] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0187.114] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0187.114] GetFocus () returned 0x80056 [0187.115] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0187.115] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="5", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0187.115] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="5", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=2 | out: lpWideCharStr="5") returned 2 [0187.115] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0187.115] GetUserDefaultLCID () returned 0x409 [0187.115] VarR8FromStr (in: strIn="5", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0187.115] GetUserDefaultLCID () returned 0x409 [0187.115] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40180000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0187.115] SysStringLen (param_1="6") returned 0x1 [0187.115] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="6", cchWideChar=2, lpMultiByteStr=0x5b9bac, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6", lpUsedDefaultChar=0x0) returned 2 [0187.115] SetWindowTextA (hWnd=0x80056, lpString="6") returned 1 [0187.115] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0187.115] GetFocus () returned 0x80056 [0187.115] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0187.116] lstrlenA (lpString="6") returned 1 [0187.116] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0187.116] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="5") returned 1 [0187.116] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0187.116] GetFocus () returned 0x80056 [0187.116] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0187.116] lstrcmpA (lpString1="5", lpString2="6") returned -1 [0187.116] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0187.116] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5b9bac) returned 0x1 [0187.116] GetCapture () returned 0x0 [0187.116] GetCapture () returned 0x0 [0187.116] IsWindow (hWnd=0x80056) returned 1 [0187.116] IsWindow (hWnd=0x80056) returned 1 [0187.117] GetCapture () returned 0x0 [0187.117] GetCapture () returned 0x0 [0187.117] IsWindow (hWnd=0x80056) returned 1 [0187.117] IsWindow (hWnd=0x80056) returned 1 [0187.117] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0x14, wMilliseconds=0x2d9)) [0187.117] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0187.117] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.117] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0187.117] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0187.117] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0187.117] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.117] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0187.118] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0187.118] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0187.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0187.118] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0187.118] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0187.118] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0187.118] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.118] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0187.118] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0187.118] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0187.118] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0187.118] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0187.119] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0187.119] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0187.119] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0187.119] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0187.119] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0187.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0187.120] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0187.120] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0187.121] GetLastError () returned 0x20 [0187.121] GetLastError () returned 0x20 [0187.121] SetLastError (dwErrCode=0x20) [0187.121] GetLastError () returned 0x20 [0187.121] SetLastError (dwErrCode=0x20) [0187.121] GetLastError () returned 0x20 [0187.121] SetLastError (dwErrCode=0x20) [0187.121] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0187.121] GetLastError () returned 0x20 [0187.122] GetLastError () returned 0x20 [0187.122] SetLastError (dwErrCode=0x20) [0187.122] GetLastError () returned 0x20 [0187.122] SetLastError (dwErrCode=0x20) [0187.122] GetLastError () returned 0x20 [0187.122] SetLastError (dwErrCode=0x20) [0187.122] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0187.122] GetFileType (hFile=0x258) returned 0x1 [0187.122] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0187.122] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.123] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0187.123] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.123] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0187.128] ReadFile (in: hFile=0x258, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0187.131] CloseHandle (hObject=0x258) returned 1 [0187.131] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0187.131] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0187.131] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 44 [0187.131] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0187.131] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 44 [0187.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0187.131] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", cbMultiByte=-1, lpWideCharStr=0x5dd7d4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 45 [0187.132] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0187.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", lpUsedDefaultChar=0x0) returned 45 [0187.132] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", lpFilePart=0x19e9fc*="Unicorn-38283.exe") returned 0x2c [0187.132] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-38283.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0187.133] GetFileType (hFile=0x258) returned 0x1 [0187.133] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0187.133] WriteFile (in: hFile=0x258, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0189.068] CloseHandle (hObject=0x258) returned 1 [0189.082] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0189.082] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 44 [0189.082] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0189.082] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 44 [0189.082] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0189.083] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", cbMultiByte=-1, lpWideCharStr=0x5dd7d4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 45 [0189.083] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0189.083] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", lpProcessInformation=0x19ec44*(hProcess=0x1e0, hThread=0x258, dwProcessId=0x9ac, dwThreadId=0xa70)) returned 1 [0190.934] GetLastError () returned 0x715 [0190.934] WaitForInputIdle (hProcess=0x1e0, dwMilliseconds=0x2710) returned 0x102 [0203.607] CloseHandle (hObject=0x258) returned 1 [0203.607] CloseHandle (hObject=0x1e0) returned 1 [0203.608] SafeArrayDestroyDescriptor (psa=0x5d3ce8) returned 0x0 [0203.609] GetFocus () returned 0x80056 [0203.609] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0203.609] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0203.610] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0203.616] GetCapture () returned 0x0 [0203.616] GetCapture () returned 0x0 [0203.616] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0203.617] GetCapture () returned 0x0 [0203.617] GetCapture () returned 0x0 [0203.617] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0203.992] GetCapture () returned 0x0 [0203.992] GetCapture () returned 0x0 [0203.992] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x21040c0d, lParam=0x0) returned 0x0 [0203.992] GetCapture () returned 0x0 [0203.992] GetCapture () returned 0x0 [0203.992] IsIconic (hWnd=0x2036c) returned 0 [0203.992] IsIconic (hWnd=0x2036c) returned 0 [0203.993] GetCapture () returned 0x0 [0203.993] GetCapture () returned 0x0 [0203.993] GetParent (hWnd=0x2036c) returned 0x0 [0203.993] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0203.993] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0203.993] GetCapture () returned 0x0 [0203.993] GetCapture () returned 0x0 [0203.993] CPicture::get_Attributes () returned 0x0 [0203.993] IsWindowVisible (hWnd=0x2036c) returned 1 [0203.993] IsIconic (hWnd=0x2036c) returned 0 [0203.993] IsZoomed (hWnd=0x2036c) returned 0 [0203.993] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0203.997] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0203.997] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0203.997] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0203.997] GetParent (hWnd=0x501c4) returned 0x2036c [0203.997] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0203.997] GetParent (hWnd=0x80056) returned 0x2036c [0203.997] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0203.997] GetParent (hWnd=0x9003a) returned 0x2036c [0203.997] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0203.997] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0203.997] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0204.003] GetCapture () returned 0x0 [0204.003] GetCapture () returned 0x0 [0204.003] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0204.003] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0204.004] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0204.005] GetCapture () returned 0x0 [0204.005] GetCapture () returned 0x0 [0204.005] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0204.005] GetCapture () returned 0x0 [0204.005] GetCapture () returned 0x0 [0204.005] IsIconic (hWnd=0x2036c) returned 0 [0204.005] IsIconic (hWnd=0x2036c) returned 0 [0204.005] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0204.006] GetFocus () returned 0x80056 [0204.006] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0204.006] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x2010d0b, lParam=0x0) returned 0x1 [0204.006] GetFocus () returned 0x80056 [0204.006] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0204.007] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0204.007] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0204.011] IsWindow (hWnd=0x2036c) returned 1 [0204.011] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0204.011] IsIconic (hWnd=0x2036c) returned 0 [0204.011] GetParent (hWnd=0x2036c) returned 0x0 [0204.011] TranslateMessage (lpMsg=0x19fe40) returned 0 [0204.011] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0204.011] GetCapture () returned 0x0 [0204.011] GetCapture () returned 0x0 [0204.011] IsIconic (hWnd=0x2036c) returned 0 [0204.011] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0204.011] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0204.012] IsIconic (hWnd=0x2036c) returned 0 [0204.012] IsIconic (hWnd=0x2036c) returned 0 [0204.012] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0204.012] OleTranslateColor () returned 0x0 [0204.012] OleTranslateColor () returned 0x0 [0204.012] OleTranslateColor () returned 0x0 [0204.012] OleTranslateColor () returned 0x0 [0204.012] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0204.012] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0204.012] CPicture::get_Type () returned 0x0 [0204.012] CPicture::get_Type () returned 0x0 [0204.012] CPicture::get_Width () returned 0x0 [0204.012] CPicture::get_Height () returned 0x0 [0204.012] CPicture::get_Attributes () returned 0x0 [0204.012] CPicture::Render () returned 0x0 [0204.035] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0204.035] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0204.035] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0204.035] SaveDC (hdc=0x75010900) returned 1 [0204.035] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0204.035] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0204.035] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0204.035] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0204.035] OleTranslateColor () returned 0x0 [0204.035] OleTranslateColor () returned 0x0 [0204.035] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0204.035] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0204.035] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0204.035] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0204.036] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0204.036] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0204.036] SaveDC (hdc=0x75010900) returned 2 [0204.036] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0204.036] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe") returned 44 [0204.036] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0204.036] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0204.036] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", c=44) returned 1 [0204.036] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0204.036] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0204.037] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0204.037] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0204.037] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0204.037] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0204.037] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0204.037] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0204.037] IsWindow (hWnd=0x80056) returned 1 [0204.038] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0204.038] IsIconic (hWnd=0x2036c) returned 0 [0204.038] GetParent (hWnd=0x80056) returned 0x2036c [0204.038] TranslateMessage (lpMsg=0x19fe40) returned 0 [0204.038] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0204.038] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0204.038] GetCapture () returned 0x0 [0204.038] GetCapture () returned 0x0 [0204.038] IsWindow (hWnd=0x80056) returned 1 [0204.038] OleTranslateColor () returned 0x0 [0204.038] OleTranslateColor () returned 0x0 [0204.038] SetTextColor (hdc=0x2010d0b, color=0x0) returned 0x0 [0204.038] SetBkColor (hdc=0x2010d0b, color=0xffffff) returned 0xffffff [0204.038] OleTranslateColor () returned 0x0 [0204.039] GetCapture () returned 0x0 [0204.039] GetCapture () returned 0x0 [0204.039] IsWindow (hWnd=0x80056) returned 1 [0204.039] OleTranslateColor () returned 0x0 [0204.039] OleTranslateColor () returned 0x0 [0204.039] SetTextColor (hdc=0x2010d0b, color=0x0) returned 0x0 [0204.039] SetBkColor (hdc=0x2010d0b, color=0xffffff) returned 0xffffff [0204.039] OleTranslateColor () returned 0x0 [0215.072] GetFocus () returned 0x80056 [0215.073] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0215.073] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0215.073] IsWindow (hWnd=0x501c4) returned 1 [0215.073] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0215.073] IsIconic (hWnd=0x2036c) returned 0 [0215.073] GetParent (hWnd=0x501c4) returned 0x2036c [0215.073] TranslateMessage (lpMsg=0x19fe40) returned 0 [0215.074] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0215.074] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0215.074] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0215.074] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.074] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0215.074] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0215.075] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0215.075] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.075] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0215.075] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0215.075] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0215.075] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0215.075] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0215.076] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0215.076] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0215.076] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.076] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0215.076] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0215.076] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0215.076] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.076] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b0c8 [0215.076] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0215.077] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0215.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0215.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0215.077] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b0c8 | out: hHeap=0x2150000) returned 1 [0215.078] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0215.078] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0215.078] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0215.079] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0215.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0215.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0215.079] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0215.080] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0215.080] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0215.080] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0215.080] IsWindow (hWnd=0x9003a) returned 1 [0215.080] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0215.080] IsIconic (hWnd=0x2036c) returned 0 [0215.080] GetParent (hWnd=0x9003a) returned 0x2036c [0215.080] TranslateMessage (lpMsg=0x19fe40) returned 0 [0215.081] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0215.081] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0215.081] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0x30, wMilliseconds=0x2b3)) [0215.081] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0215.082] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.082] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0215.082] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0215.082] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0215.082] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.082] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0215.082] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0215.083] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0215.083] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0215.083] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0215.083] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0215.083] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0215.083] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0215.083] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 0x2c [0215.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", cchWideChar=45, lpMultiByteStr=0x5dd8a4, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", lpUsedDefaultChar=0x0) returned 45 [0215.083] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-38283.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 1 [0215.084] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 44 [0215.084] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0215.084] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0215.084] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0215.084] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0215.085] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0215.085] GetFocus () returned 0x80056 [0215.085] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0215.085] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0215.085] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0215.085] GetFocus () returned 0x80056 [0215.085] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0215.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="6", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0215.085] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="6", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=2 | out: lpWideCharStr="6") returned 2 [0215.085] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0215.085] GetUserDefaultLCID () returned 0x409 [0215.085] VarR8FromStr (in: strIn="6", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0215.085] GetUserDefaultLCID () returned 0x409 [0215.085] VarBstrFromR8 (in: dblIn=0x0, lcid=0x401c0000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0215.085] SysStringLen (param_1="7") returned 0x1 [0215.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=2, lpMultiByteStr=0x5d9444, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7", lpUsedDefaultChar=0x0) returned 2 [0215.086] SetWindowTextA (hWnd=0x80056, lpString="7") returned 1 [0215.086] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0215.086] GetFocus () returned 0x80056 [0215.086] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0215.086] lstrlenA (lpString="7") returned 1 [0215.086] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0215.086] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="6") returned 1 [0215.086] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0215.087] GetFocus () returned 0x80056 [0215.087] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0215.087] lstrcmpA (lpString1="6", lpString2="7") returned -1 [0215.087] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0215.087] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5d9444) returned 0x1 [0215.087] GetCapture () returned 0x0 [0215.087] GetCapture () returned 0x0 [0215.087] IsWindow (hWnd=0x80056) returned 1 [0215.088] IsWindow (hWnd=0x80056) returned 1 [0215.088] GetCapture () returned 0x0 [0215.088] GetCapture () returned 0x0 [0215.088] IsWindow (hWnd=0x80056) returned 1 [0215.088] IsWindow (hWnd=0x80056) returned 1 [0215.088] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0x30, wMilliseconds=0x2c3)) [0215.088] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0215.091] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.091] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0215.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0215.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0215.091] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.091] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0215.092] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0215.092] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0215.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0215.092] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0215.092] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0215.092] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0215.092] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.092] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0215.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0215.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0215.092] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0215.092] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0215.093] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0215.093] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0215.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0215.093] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0215.093] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0215.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0215.093] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0215.094] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.094] GetLastError () returned 0x20 [0215.094] GetLastError () returned 0x20 [0215.095] SetLastError (dwErrCode=0x20) [0215.095] GetLastError () returned 0x20 [0215.095] SetLastError (dwErrCode=0x20) [0215.095] GetLastError () returned 0x20 [0215.095] SetLastError (dwErrCode=0x20) [0215.095] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0215.095] GetLastError () returned 0x20 [0215.095] GetLastError () returned 0x20 [0215.095] SetLastError (dwErrCode=0x20) [0215.095] GetLastError () returned 0x20 [0215.095] SetLastError (dwErrCode=0x20) [0215.095] GetLastError () returned 0x20 [0215.095] SetLastError (dwErrCode=0x20) [0215.095] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0215.095] GetFileType (hFile=0x1e0) returned 0x1 [0215.096] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0215.096] SetFilePointer (in: hFile=0x1e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.096] SetFilePointer (in: hFile=0x1e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0215.096] SetFilePointer (in: hFile=0x1e0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0215.096] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0215.098] ReadFile (in: hFile=0x1e0, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0215.101] CloseHandle (hObject=0x1e0) returned 1 [0215.101] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0215.101] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0215.101] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 44 [0215.101] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0215.101] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 44 [0215.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0215.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 45 [0215.102] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0215.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", lpUsedDefaultChar=0x0) returned 45 [0215.110] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", lpFilePart=0x19e9fc*="Unicorn-23559.exe") returned 0x2c [0215.112] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-23559.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0215.124] GetFileType (hFile=0x1e0) returned 0x1 [0215.124] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0215.124] WriteFile (in: hFile=0x1e0, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0215.133] CloseHandle (hObject=0x1e0) returned 1 [0219.287] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0219.287] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 44 [0219.287] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0219.287] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 44 [0219.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0219.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 45 [0219.288] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0219.288] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x1e0, dwProcessId=0x164c, dwThreadId=0x1684)) returned 1 [0220.741] GetLastError () returned 0x715 [0220.741] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x102 [0235.064] CloseHandle (hObject=0x1e0) returned 1 [0235.064] CloseHandle (hObject=0x258) returned 1 [0235.065] SafeArrayDestroyDescriptor (psa=0x5d3aa8) returned 0x0 [0235.065] GetFocus () returned 0x80056 [0235.065] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0235.066] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0235.066] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0235.071] GetCapture () returned 0x0 [0235.071] GetCapture () returned 0x0 [0235.071] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0235.071] GetCapture () returned 0x0 [0235.071] GetCapture () returned 0x0 [0235.071] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0235.073] GetCapture () returned 0x0 [0235.073] GetCapture () returned 0x0 [0235.073] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x304115c, lParam=0x0) returned 0x0 [0235.074] GetCapture () returned 0x0 [0235.074] GetCapture () returned 0x0 [0235.074] IsIconic (hWnd=0x2036c) returned 0 [0235.074] IsIconic (hWnd=0x2036c) returned 0 [0235.099] GetCapture () returned 0x0 [0235.099] GetCapture () returned 0x0 [0235.099] GetParent (hWnd=0x2036c) returned 0x0 [0235.099] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0235.099] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0235.099] GetCapture () returned 0x0 [0235.099] GetCapture () returned 0x0 [0235.099] CPicture::get_Attributes () returned 0x0 [0235.099] IsWindowVisible (hWnd=0x2036c) returned 1 [0235.100] IsIconic (hWnd=0x2036c) returned 0 [0235.100] IsZoomed (hWnd=0x2036c) returned 0 [0235.100] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0235.100] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0235.100] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0235.100] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0235.100] GetParent (hWnd=0x501c4) returned 0x2036c [0235.100] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0235.100] GetParent (hWnd=0x80056) returned 0x2036c [0235.100] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0235.100] GetParent (hWnd=0x9003a) returned 0x2036c [0235.100] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0235.100] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0235.100] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0235.128] GetCapture () returned 0x0 [0235.128] GetCapture () returned 0x0 [0235.128] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0235.128] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0235.128] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0235.130] GetCapture () returned 0x0 [0235.130] GetCapture () returned 0x0 [0235.130] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0235.130] GetCapture () returned 0x0 [0235.130] GetCapture () returned 0x0 [0235.130] IsIconic (hWnd=0x2036c) returned 0 [0235.130] IsIconic (hWnd=0x2036c) returned 0 [0235.130] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0235.131] GetFocus () returned 0x80056 [0235.131] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0235.132] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x56011328, lParam=0x0) returned 0x1 [0235.132] GetFocus () returned 0x80056 [0235.132] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0235.132] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0235.132] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0235.135] IsWindow (hWnd=0x2036c) returned 1 [0235.135] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0235.135] IsIconic (hWnd=0x2036c) returned 0 [0235.135] GetParent (hWnd=0x2036c) returned 0x0 [0235.135] TranslateMessage (lpMsg=0x19fe40) returned 0 [0235.135] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0235.135] GetCapture () returned 0x0 [0235.135] GetCapture () returned 0x0 [0235.135] IsIconic (hWnd=0x2036c) returned 0 [0235.135] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0235.135] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0235.135] IsIconic (hWnd=0x2036c) returned 0 [0235.135] IsIconic (hWnd=0x2036c) returned 0 [0235.135] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0235.135] OleTranslateColor () returned 0x0 [0235.135] OleTranslateColor () returned 0x0 [0235.135] OleTranslateColor () returned 0x0 [0235.135] OleTranslateColor () returned 0x0 [0235.135] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0235.136] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0235.136] CPicture::get_Type () returned 0x0 [0235.136] CPicture::get_Type () returned 0x0 [0235.136] CPicture::get_Width () returned 0x0 [0235.136] CPicture::get_Height () returned 0x0 [0235.136] CPicture::get_Attributes () returned 0x0 [0235.136] CPicture::Render () returned 0x0 [0237.764] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0237.764] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0237.764] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0237.764] SaveDC (hdc=0x75010900) returned 1 [0237.764] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0237.764] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0237.764] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0237.764] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0237.764] OleTranslateColor () returned 0x0 [0237.764] OleTranslateColor () returned 0x0 [0237.764] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0237.764] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0237.764] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0237.764] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0237.764] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0237.764] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0237.764] SaveDC (hdc=0x75010900) returned 2 [0237.764] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0237.764] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe") returned 44 [0237.764] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0237.765] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0237.765] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", c=44) returned 1 [0237.765] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0237.765] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0237.765] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0237.765] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0237.765] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0237.765] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0237.765] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0237.765] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0237.766] IsWindow (hWnd=0x80056) returned 1 [0237.766] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0237.766] IsIconic (hWnd=0x2036c) returned 0 [0237.766] GetParent (hWnd=0x80056) returned 0x2036c [0237.766] TranslateMessage (lpMsg=0x19fe40) returned 0 [0237.766] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0237.766] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0237.766] GetCapture () returned 0x0 [0237.766] GetCapture () returned 0x0 [0237.766] IsWindow (hWnd=0x80056) returned 1 [0237.766] OleTranslateColor () returned 0x0 [0237.766] OleTranslateColor () returned 0x0 [0237.766] SetTextColor (hdc=0x37010b8e, color=0x0) returned 0x0 [0237.766] SetBkColor (hdc=0x37010b8e, color=0xffffff) returned 0xffffff [0237.766] OleTranslateColor () returned 0x0 [0237.766] GetCapture () returned 0x0 [0237.767] GetCapture () returned 0x0 [0237.767] IsWindow (hWnd=0x80056) returned 1 [0237.767] OleTranslateColor () returned 0x0 [0237.767] OleTranslateColor () returned 0x0 [0237.767] SetTextColor (hdc=0x37010b8e, color=0x0) returned 0x0 [0237.767] SetBkColor (hdc=0x37010b8e, color=0xffffff) returned 0xffffff [0237.767] OleTranslateColor () returned 0x0 [0248.252] GetFocus () returned 0x80056 [0248.252] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0248.253] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0248.253] IsWindow (hWnd=0x501c4) returned 1 [0248.253] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0248.253] IsIconic (hWnd=0x2036c) returned 0 [0248.253] GetParent (hWnd=0x501c4) returned 0x2036c [0248.253] TranslateMessage (lpMsg=0x19fe40) returned 0 [0248.253] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0248.253] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0248.253] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0248.254] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.254] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0248.254] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0248.254] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0248.254] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.254] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0248.254] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0248.255] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0248.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0248.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0248.255] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0248.255] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0248.255] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.255] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0248.255] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0248.255] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0248.255] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.255] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b0c8 [0248.255] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0248.256] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0248.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0248.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0248.256] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b0c8 | out: hHeap=0x2150000) returned 1 [0248.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0248.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0248.257] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0248.257] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0248.257] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0248.257] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0248.257] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0248.258] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0248.258] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0248.258] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0248.258] IsWindow (hWnd=0x9003a) returned 1 [0248.258] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0248.258] IsIconic (hWnd=0x2036c) returned 0 [0248.258] GetParent (hWnd=0x9003a) returned 0x2036c [0248.258] TranslateMessage (lpMsg=0x19fe40) returned 0 [0248.258] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0248.258] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0248.258] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x15, wMilliseconds=0x362)) [0248.259] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0248.259] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.259] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0248.259] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0248.259] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0248.259] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.259] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0248.259] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0248.260] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0248.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0248.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0248.260] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0248.260] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0248.260] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0248.260] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 0x2b [0248.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", cchWideChar=44, lpMultiByteStr=0x5dd83c, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", lpUsedDefaultChar=0x0) returned 44 [0248.260] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-23559.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned -1 [0248.260] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 43 [0248.260] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3bb0 [0248.261] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0248.261] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0248.261] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0248.262] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0248.262] GetFocus () returned 0x80056 [0248.262] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0248.262] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0248.262] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0248.262] GetFocus () returned 0x80056 [0248.262] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0248.262] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="7", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0248.262] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="7", cbMultiByte=-1, lpWideCharStr=0x5d9444, cchWideChar=2 | out: lpWideCharStr="7") returned 2 [0248.262] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0248.263] GetUserDefaultLCID () returned 0x409 [0248.263] VarR8FromStr (in: strIn="7", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0248.263] GetUserDefaultLCID () returned 0x409 [0248.263] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40200000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0248.263] SysStringLen (param_1="8") returned 0x1 [0248.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=2, lpMultiByteStr=0x5b9b0c, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8", lpUsedDefaultChar=0x0) returned 2 [0248.263] SetWindowTextA (hWnd=0x80056, lpString="8") returned 1 [0248.263] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0248.263] GetFocus () returned 0x80056 [0248.264] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0248.264] lstrlenA (lpString="8") returned 1 [0248.264] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0248.264] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="7") returned 1 [0248.264] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0248.264] GetFocus () returned 0x80056 [0248.264] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0248.264] lstrcmpA (lpString1="7", lpString2="8") returned -1 [0248.264] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0248.264] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5b9b0c) returned 0x1 [0248.264] GetCapture () returned 0x0 [0248.264] GetCapture () returned 0x0 [0248.265] IsWindow (hWnd=0x80056) returned 1 [0248.265] IsWindow (hWnd=0x80056) returned 1 [0248.265] GetCapture () returned 0x0 [0248.265] GetCapture () returned 0x0 [0248.265] IsWindow (hWnd=0x80056) returned 1 [0248.265] IsWindow (hWnd=0x80056) returned 1 [0248.265] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x15, wMilliseconds=0x371)) [0248.265] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0248.265] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.265] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0248.265] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0248.265] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0248.265] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.265] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0248.265] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0248.266] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0248.266] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0248.268] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0248.268] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0248.268] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0248.268] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.268] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0248.268] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0248.268] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0248.268] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0248.268] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0248.268] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0248.268] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0248.269] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0248.269] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0248.269] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0248.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0248.269] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0248.269] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0248.270] GetLastError () returned 0x20 [0248.270] GetLastError () returned 0x20 [0248.270] SetLastError (dwErrCode=0x20) [0248.270] GetLastError () returned 0x20 [0248.270] SetLastError (dwErrCode=0x20) [0248.270] GetLastError () returned 0x20 [0248.270] SetLastError (dwErrCode=0x20) [0248.270] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0248.270] GetLastError () returned 0x20 [0248.270] GetLastError () returned 0x20 [0248.270] SetLastError (dwErrCode=0x20) [0248.270] GetLastError () returned 0x20 [0248.270] SetLastError (dwErrCode=0x20) [0248.270] GetLastError () returned 0x20 [0248.270] SetLastError (dwErrCode=0x20) [0248.270] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0248.270] GetFileType (hFile=0x254) returned 0x1 [0248.271] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0248.271] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0248.271] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0248.271] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0248.271] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0248.283] ReadFile (in: hFile=0x254, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0248.286] CloseHandle (hObject=0x254) returned 1 [0248.286] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0248.286] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0248.286] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 43 [0248.286] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3b78 [0248.286] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 43 [0248.286] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0248.286] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", cbMultiByte=-1, lpWideCharStr=0x5dd83c, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 44 [0248.287] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0248.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", lpUsedDefaultChar=0x0) returned 44 [0248.287] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", lpFilePart=0x19e9fc*="Unicorn-3989.exe") returned 0x2b [0248.287] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-3989.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0249.267] GetFileType (hFile=0x254) returned 0x1 [0249.268] IMalloc:Alloc (This=0x7627fec4, cb=0x68) returned 0x653838 [0249.268] WriteFile (in: hFile=0x254, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0249.488] CloseHandle (hObject=0x254) returned 1 [0249.502] IMalloc:Free (This=0x7627fec4, pv=0x653838) [0251.621] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 43 [0251.621] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2c) returned 0x28f3b78 [0251.621] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 43 [0251.621] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0251.621] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", cbMultiByte=-1, lpWideCharStr=0x5dd83c, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 44 [0251.621] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0251.622] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", lpProcessInformation=0x19ec44*(hProcess=0x260, hThread=0x254, dwProcessId=0x15a0, dwThreadId=0x1674)) returned 1 [0252.949] GetLastError () returned 0x715 [0252.950] WaitForInputIdle (hProcess=0x260, dwMilliseconds=0x2710) returned 0x102 [0266.439] CloseHandle (hObject=0x254) returned 1 [0266.439] CloseHandle (hObject=0x260) returned 1 [0266.441] SafeArrayDestroyDescriptor (psa=0x5d3b38) returned 0x0 [0266.582] GetFocus () returned 0x80056 [0266.583] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0266.583] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0266.583] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0266.583] IsWindow (hWnd=0x2036c) returned 1 [0266.583] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0266.584] IsIconic (hWnd=0x2036c) returned 0 [0266.584] GetParent (hWnd=0x2036c) returned 0x0 [0266.584] TranslateMessage (lpMsg=0x19fe40) returned 0 [0266.584] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0266.584] GetCapture () returned 0x0 [0266.584] GetCapture () returned 0x0 [0266.584] IsIconic (hWnd=0x2036c) returned 0 [0266.584] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0266.584] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0266.584] GetCapture () returned 0x0 [0266.584] GetCapture () returned 0x0 [0266.584] IsIconic (hWnd=0x2036c) returned 0 [0266.585] IsIconic (hWnd=0x2036c) returned 0 [0266.585] IsIconic (hWnd=0x2036c) returned 0 [0266.585] IsIconic (hWnd=0x2036c) returned 0 [0266.585] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0266.585] OleTranslateColor () returned 0x0 [0266.585] OleTranslateColor () returned 0x0 [0266.585] OleTranslateColor () returned 0x0 [0266.585] OleTranslateColor () returned 0x0 [0266.585] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0266.585] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0266.585] CPicture::get_Type () returned 0x0 [0266.585] CPicture::get_Type () returned 0x0 [0266.585] CPicture::get_Width () returned 0x0 [0266.585] CPicture::get_Height () returned 0x0 [0266.585] CPicture::get_Attributes () returned 0x0 [0266.585] CPicture::Render () returned 0x0 [0266.588] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0266.588] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0266.588] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 2 [0266.588] SaveDC (hdc=0x75010900) returned 1 [0266.588] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0266.588] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0266.588] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0266.588] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0266.588] OleTranslateColor () returned 0x0 [0266.588] OleTranslateColor () returned 0x0 [0266.588] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0266.588] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0266.588] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0266.588] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0266.588] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0266.588] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0266.588] SaveDC (hdc=0x75010900) returned 2 [0266.588] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0266.589] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe") returned 43 [0266.589] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0266.589] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0266.589] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", c=43) returned 1 [0266.589] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0266.589] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0266.589] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0266.589] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0266.589] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0266.589] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0266.589] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0266.590] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0266.590] IsWindow (hWnd=0x80056) returned 1 [0266.590] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0266.590] IsIconic (hWnd=0x2036c) returned 0 [0266.590] GetParent (hWnd=0x80056) returned 0x2036c [0266.590] TranslateMessage (lpMsg=0x19fe40) returned 0 [0266.590] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0266.590] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0266.590] GetCapture () returned 0x0 [0266.590] GetCapture () returned 0x0 [0266.590] IsWindow (hWnd=0x80056) returned 1 [0266.590] OleTranslateColor () returned 0x0 [0266.590] OleTranslateColor () returned 0x0 [0266.590] SetTextColor (hdc=0x40113cd, color=0x0) returned 0x0 [0266.591] SetBkColor (hdc=0x40113cd, color=0xffffff) returned 0xffffff [0266.591] OleTranslateColor () returned 0x0 [0266.591] GetCapture () returned 0x0 [0266.591] GetCapture () returned 0x0 [0266.591] IsWindow (hWnd=0x80056) returned 1 [0266.591] OleTranslateColor () returned 0x0 [0266.591] OleTranslateColor () returned 0x0 [0266.591] SetTextColor (hdc=0x40113cd, color=0x0) returned 0x0 [0266.591] SetBkColor (hdc=0x40113cd, color=0xffffff) returned 0xffffff [0266.591] OleTranslateColor () returned 0x0 [0281.207] GetFocus () returned 0x80056 [0281.207] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0281.208] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0281.208] IsWindow (hWnd=0x501c4) returned 1 [0281.208] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0281.208] IsIconic (hWnd=0x2036c) returned 0 [0281.208] GetParent (hWnd=0x501c4) returned 0x2036c [0281.208] TranslateMessage (lpMsg=0x19fe40) returned 0 [0281.208] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0281.208] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0281.208] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0281.209] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.209] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0281.209] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0281.209] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0281.209] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.209] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0281.209] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0281.209] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0281.209] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0281.210] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0281.210] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0281.210] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0281.210] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.210] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0281.210] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0281.210] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0281.210] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.210] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0281.210] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0281.210] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0281.210] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.210] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0281.210] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0281.211] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.211] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0281.211] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0281.211] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0281.212] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0281.212] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0281.212] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0281.212] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0281.212] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0281.213] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0281.213] IsWindow (hWnd=0x9003a) returned 1 [0281.213] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0281.213] IsIconic (hWnd=0x2036c) returned 0 [0281.213] GetParent (hWnd=0x9003a) returned 0x2036c [0281.213] TranslateMessage (lpMsg=0x19fe40) returned 0 [0281.213] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0281.213] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0281.213] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x36, wMilliseconds=0x336)) [0281.213] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0281.213] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.213] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0281.213] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0281.213] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0281.213] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.213] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0281.214] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0281.214] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0281.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0281.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0281.214] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0281.214] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0281.214] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0281.214] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 0x2c [0281.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", cchWideChar=45, lpMultiByteStr=0x5dd7d4, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", lpUsedDefaultChar=0x0) returned 45 [0281.214] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-3989.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 1 [0281.215] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 44 [0281.215] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0281.215] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0281.215] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0281.215] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0281.215] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0281.215] GetFocus () returned 0x80056 [0281.215] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0281.215] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0281.215] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0281.215] GetFocus () returned 0x80056 [0281.215] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0281.215] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="8", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0281.216] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="8", cbMultiByte=-1, lpWideCharStr=0x5b9b0c, cchWideChar=2 | out: lpWideCharStr="8") returned 2 [0281.216] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0281.216] GetUserDefaultLCID () returned 0x409 [0281.216] VarR8FromStr (in: strIn="8", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0281.216] GetUserDefaultLCID () returned 0x409 [0281.216] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40220000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0281.216] SysStringLen (param_1="9") returned 0x1 [0281.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=2, lpMultiByteStr=0x5b9bac, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9", lpUsedDefaultChar=0x0) returned 2 [0281.216] SetWindowTextA (hWnd=0x80056, lpString="9") returned 1 [0281.216] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0281.216] GetFocus () returned 0x80056 [0281.216] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0281.216] lstrlenA (lpString="9") returned 1 [0281.216] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0281.216] GetWindowTextA (in: hWnd=0x80056, lpString=0x28f3a50, nMaxCount=2 | out: lpString="8") returned 1 [0281.216] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0281.216] GetFocus () returned 0x80056 [0281.216] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0281.216] lstrcmpA (lpString1="8", lpString2="9") returned -1 [0281.216] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0281.216] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5b9bac) returned 0x1 [0281.217] GetCapture () returned 0x0 [0281.217] GetCapture () returned 0x0 [0281.217] IsWindow (hWnd=0x80056) returned 1 [0281.217] IsWindow (hWnd=0x80056) returned 1 [0281.217] GetCapture () returned 0x0 [0281.217] GetCapture () returned 0x0 [0281.217] IsWindow (hWnd=0x80056) returned 1 [0281.217] IsWindow (hWnd=0x80056) returned 1 [0281.217] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x36, wMilliseconds=0x336)) [0281.217] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0281.217] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.217] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0281.217] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0281.217] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0281.217] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.217] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0281.218] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0281.219] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0281.219] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0281.219] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0281.219] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0281.219] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0281.219] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.219] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0281.219] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0281.219] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0281.219] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0281.219] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0281.219] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0281.220] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0281.220] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0281.220] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d4e94, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0281.220] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0281.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0281.220] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0281.220] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0281.221] GetLastError () returned 0x20 [0281.221] GetLastError () returned 0x20 [0281.221] SetLastError (dwErrCode=0x20) [0281.221] GetLastError () returned 0x20 [0281.221] SetLastError (dwErrCode=0x20) [0281.221] GetLastError () returned 0x20 [0281.221] SetLastError (dwErrCode=0x20) [0281.221] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0281.221] GetLastError () returned 0x20 [0281.221] GetLastError () returned 0x20 [0281.221] SetLastError (dwErrCode=0x20) [0281.221] GetLastError () returned 0x20 [0281.221] SetLastError (dwErrCode=0x20) [0281.221] GetLastError () returned 0x20 [0281.221] SetLastError (dwErrCode=0x20) [0281.221] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0281.221] GetFileType (hFile=0x260) returned 0x1 [0281.222] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0281.222] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0281.222] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0281.222] SetFilePointer (in: hFile=0x260, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0281.222] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0281.224] ReadFile (in: hFile=0x260, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0283.148] CloseHandle (hObject=0x260) returned 1 [0283.148] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0283.148] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0283.148] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 44 [0283.148] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0283.148] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 44 [0283.149] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0283.149] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", cbMultiByte=-1, lpWideCharStr=0x5dd7d4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 45 [0283.149] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0283.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", lpUsedDefaultChar=0x0) returned 45 [0283.149] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", lpFilePart=0x19e9fc*="Unicorn-25995.exe") returned 0x2c [0283.150] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-25995.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0283.150] GetFileType (hFile=0x260) returned 0x1 [0283.150] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0283.151] WriteFile (in: hFile=0x260, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0289.140] CloseHandle (hObject=0x260) returned 1 [0289.157] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0289.157] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 44 [0289.157] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0289.158] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 44 [0289.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0289.158] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", cbMultiByte=-1, lpWideCharStr=0x5dd7d4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 45 [0289.158] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0289.158] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", lpProcessInformation=0x19ec44*(hProcess=0x254, hThread=0x260, dwProcessId=0xcc0, dwThreadId=0xe84)) returned 1 [0292.482] GetLastError () returned 0x715 [0292.483] WaitForInputIdle (hProcess=0x254, dwMilliseconds=0x2710) returned 0x102 [0305.018] CloseHandle (hObject=0x260) returned 1 [0305.018] CloseHandle (hObject=0x254) returned 1 [0305.019] SafeArrayDestroyDescriptor (psa=0x5d3e38) returned 0x0 [0305.019] GetFocus () returned 0x80056 [0305.020] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0305.021] SetTimer (hWnd=0x9003a, nIDEvent=0x9003a, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x9003a [0305.021] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0305.088] GetCapture () returned 0x0 [0305.088] GetCapture () returned 0x0 [0305.088] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0305.088] GetCapture () returned 0x0 [0305.088] GetCapture () returned 0x0 [0305.088] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0305.098] GetCapture () returned 0x0 [0305.098] GetCapture () returned 0x0 [0305.098] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x7304164d, lParam=0x0) returned 0x0 [0305.098] GetCapture () returned 0x0 [0305.098] GetCapture () returned 0x0 [0305.098] IsIconic (hWnd=0x2036c) returned 0 [0305.098] IsIconic (hWnd=0x2036c) returned 0 [0305.099] GetCapture () returned 0x0 [0305.099] GetCapture () returned 0x0 [0305.099] GetParent (hWnd=0x2036c) returned 0x0 [0305.099] GetWindowRect (in: hWnd=0x2036c, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0305.099] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0305.099] GetCapture () returned 0x0 [0305.099] GetCapture () returned 0x0 [0305.099] CPicture::get_Attributes () returned 0x0 [0305.099] IsWindowVisible (hWnd=0x2036c) returned 1 [0305.099] IsIconic (hWnd=0x2036c) returned 0 [0305.099] IsZoomed (hWnd=0x2036c) returned 0 [0305.099] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0305.100] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0305.100] GetWindow (hWnd=0x2036c, uCmd=0x5) returned 0x501c4 [0305.100] GetWindow (hWnd=0x501c4, uCmd=0x2) returned 0x80056 [0305.100] GetParent (hWnd=0x501c4) returned 0x2036c [0305.100] GetWindow (hWnd=0x80056, uCmd=0x2) returned 0x9003a [0305.100] GetParent (hWnd=0x80056) returned 0x2036c [0305.100] GetWindow (hWnd=0x9003a, uCmd=0x2) returned 0x0 [0305.100] GetParent (hWnd=0x9003a) returned 0x2036c [0305.100] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0305.100] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0305.100] MapWindowPoints (in: hWndFrom=0x2036c, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0305.110] GetCapture () returned 0x0 [0305.110] GetCapture () returned 0x0 [0305.110] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0305.110] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0305.110] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0305.112] GetCapture () returned 0x0 [0305.112] GetCapture () returned 0x0 [0305.112] NtdllDefWindowProc_A (hWnd=0x2036c, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0305.113] GetCapture () returned 0x0 [0305.113] GetCapture () returned 0x0 [0305.113] IsIconic (hWnd=0x2036c) returned 0 [0305.113] IsIconic (hWnd=0x2036c) returned 0 [0305.113] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0305.114] GetFocus () returned 0x80056 [0305.115] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0305.115] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0x14, wParam=0x10112f6, lParam=0x0) returned 0x1 [0305.115] GetFocus () returned 0x80056 [0305.115] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0305.116] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0305.116] NtdllDefWindowProc_A (hWnd=0x3037a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0305.119] IsWindow (hWnd=0x2036c) returned 1 [0305.119] GetWindowLongA (hWnd=0x2036c, nIndex=-16) returned 369098752 [0305.119] IsIconic (hWnd=0x2036c) returned 0 [0305.119] GetParent (hWnd=0x2036c) returned 0x0 [0305.119] TranslateMessage (lpMsg=0x19fe40) returned 0 [0305.119] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0305.119] GetCapture () returned 0x0 [0305.119] GetCapture () returned 0x0 [0305.119] IsIconic (hWnd=0x2036c) returned 0 [0305.119] GetUpdateRect (in: hWnd=0x2036c, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0305.119] BeginPaint (in: hWnd=0x2036c, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x75010900 [0305.120] IsIconic (hWnd=0x2036c) returned 0 [0305.120] IsIconic (hWnd=0x2036c) returned 0 [0305.120] GetClientRect (in: hWnd=0x2036c, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0305.120] OleTranslateColor () returned 0x0 [0305.120] OleTranslateColor () returned 0x0 [0305.120] OleTranslateColor () returned 0x0 [0305.120] OleTranslateColor () returned 0x0 [0305.120] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0305.120] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0305.120] CPicture::get_Type () returned 0x0 [0305.120] CPicture::get_Type () returned 0x0 [0305.120] CPicture::get_Width () returned 0x0 [0305.120] CPicture::get_Height () returned 0x0 [0305.120] CPicture::get_Attributes () returned 0x0 [0305.120] CPicture::Render () returned 0x0 [0308.586] SetTextColor (hdc=0x75010900, color=0x0) returned 0x0 [0308.586] SetBkColor (hdc=0x75010900, color=0x0) returned 0x0 [0308.586] GetClipBox (in: hdc=0x75010900, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0308.586] SaveDC (hdc=0x75010900) returned 1 [0308.586] SelectObject (hdc=0x75010900, h=0x900015) returned 0x900015 [0308.586] SelectObject (hdc=0x75010900, h=0xb00016) returned 0x653008c6 [0308.586] SetROP2 (hdc=0x75010900, rop2=13) returned 13 [0308.586] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0308.586] OleTranslateColor () returned 0x0 [0308.586] OleTranslateColor () returned 0x0 [0308.586] SetTextColor (hdc=0x75010900, color=0xff00ff) returned 0x0 [0308.586] SetBkColor (hdc=0x75010900, color=0xf0f0f0) returned 0x0 [0308.586] SetBkMode (hdc=0x75010900, mode=1) returned 1 [0308.586] SelectObject (hdc=0x75010900, h=0x4e0a0925) returned 0x1a0a06fb [0308.586] GetViewportExtEx (in: hdc=0x75010900, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0308.586] GetWindowExtEx (in: hdc=0x75010900, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0308.586] SaveDC (hdc=0x75010900) returned 2 [0308.586] IntersectClipRect (hdc=0x75010900, left=72, top=296, right=769, bottom=385) returned 3 [0308.586] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe") returned 44 [0308.587] GetTextMetricsA (in: hdc=0x75010900, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0308.587] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0308.587] TextOutA (hdc=0x75010900, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", c=44) returned 1 [0308.587] GetTextExtentPointA (in: hdc=0x75010900, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0308.587] RestoreDC (hdc=0x75010900, nSavedDC=-1) returned 1 [0313.585] SetTextColor (hdc=0x75010900, color=0x0) returned 0xff00ff [0313.585] SetBkColor (hdc=0x75010900, color=0x0) returned 0xf0f0f0 [0313.586] SelectObject (hdc=0x75010900, h=0x1a0a06fb) returned 0x4e0a0925 [0313.586] RestoreDC (hdc=0x75010900, nSavedDC=1) returned 1 [0313.586] EndPaint (hWnd=0x2036c, lpPaint=0x19fab0) returned 1 [0313.586] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0313.587] IsWindow (hWnd=0x80056) returned 1 [0313.587] GetWindowLongA (hWnd=0x80056, nIndex=-16) returned 1409351872 [0313.587] IsIconic (hWnd=0x2036c) returned 0 [0313.587] GetParent (hWnd=0x80056) returned 0x2036c [0313.587] TranslateMessage (lpMsg=0x19fe40) returned 0 [0313.587] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0313.587] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0313.587] GetCapture () returned 0x0 [0313.587] GetCapture () returned 0x0 [0313.587] IsWindow (hWnd=0x80056) returned 1 [0313.588] OleTranslateColor () returned 0x0 [0313.588] OleTranslateColor () returned 0x0 [0313.588] SetTextColor (hdc=0x19011341, color=0x0) returned 0x0 [0313.588] SetBkColor (hdc=0x19011341, color=0xffffff) returned 0xffffff [0313.588] OleTranslateColor () returned 0x0 [0313.588] GetCapture () returned 0x0 [0313.588] GetCapture () returned 0x0 [0313.588] IsWindow (hWnd=0x80056) returned 1 [0313.588] OleTranslateColor () returned 0x0 [0313.589] OleTranslateColor () returned 0x0 [0313.589] SetTextColor (hdc=0x19011341, color=0x0) returned 0x0 [0313.589] SetBkColor (hdc=0x19011341, color=0xffffff) returned 0xffffff [0313.589] OleTranslateColor () returned 0x0 [0328.833] GetFocus () returned 0x80056 [0328.833] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0328.833] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0328.834] IsWindow (hWnd=0x501c4) returned 1 [0328.834] GetWindowLongA (hWnd=0x501c4, nIndex=-16) returned 1140916224 [0328.834] IsIconic (hWnd=0x2036c) returned 0 [0328.834] GetParent (hWnd=0x501c4) returned 0x2036c [0328.834] TranslateMessage (lpMsg=0x19fe40) returned 0 [0328.834] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0328.834] KillTimer (hWnd=0x501c4, uIDEvent=0x501c4) returned 1 [0328.835] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0328.835] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.835] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0328.835] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0328.835] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0328.835] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.835] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0328.836] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0328.836] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0328.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0328.836] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0328.836] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0328.836] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0328.836] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.837] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0328.837] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0328.837] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0328.837] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.837] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0328.837] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0328.837] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0328.837] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0328.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0328.838] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0328.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0328.838] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0328.838] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0328.839] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0328.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0328.839] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0328.840] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0328.840] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x8a3caf, ExceptionRecord=0x0, ReturnValue=0x0) [0328.840] SetTimer (hWnd=0x501c4, nIDEvent=0x501c4, uElapse=0x2328, lpTimerFunc=0x0) returned 0x501c4 [0328.840] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0328.840] IsWindow (hWnd=0x9003a) returned 1 [0328.840] GetWindowLongA (hWnd=0x9003a, nIndex=-16) returned 1140916224 [0328.841] IsIconic (hWnd=0x2036c) returned 0 [0328.841] GetParent (hWnd=0x9003a) returned 0x2036c [0328.841] TranslateMessage (lpMsg=0x19fe40) returned 0 [0328.841] DispatchMessageA (lpMsg=0x19fe40) [0328.841] KillTimer (hWnd=0x9003a, uIDEvent=0x9003a) returned 1 [0328.841] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x23, wSecond=0x2a, wMilliseconds=0x1c3)) [0328.841] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0328.841] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.841] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0328.841] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3bb0 [0328.841] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0328.841] lstrcpyA (in: lpString1=0x28f3bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.841] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0328.842] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0328.842] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3bb0 | out: hHeap=0x2150000) returned 1 [0328.842] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0328.842] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0328.842] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0328.842] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0328.842] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0328.843] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe") returned 0x2c [0328.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", cchWideChar=45, lpMultiByteStr=0x5dd8a4, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", lpUsedDefaultChar=0x0) returned 45 [0328.843] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-25995.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe") returned 1 [0328.843] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe") returned 44 [0328.843] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3bb0 [0328.843] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0328.843] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0328.843] InvalidateRect (hWnd=0x2036c, lpRect=0x19f8e8, bErase=1) returned 1 [0328.844] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0328.844] GetFocus () returned 0x80056 [0328.844] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0328.844] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2) returned 0x28f3a50 [0328.844] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xd, wParam=0x2, lParam=0x28f3a50) returned 0x1 [0328.844] GetFocus () returned 0x80056 [0328.844] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0328.844] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="9", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0328.844] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="9", cbMultiByte=-1, lpWideCharStr=0x5b9bac, cchWideChar=2 | out: lpWideCharStr="9") returned 2 [0328.844] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3a50 | out: hHeap=0x2150000) returned 1 [0328.844] GetUserDefaultLCID () returned 0x409 [0328.844] VarR8FromStr (in: strIn="9", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0328.844] GetUserDefaultLCID () returned 0x409 [0328.844] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40240000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0328.844] SysStringLen (param_1="10") returned 0x2 [0328.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="10", cchWideChar=3, lpMultiByteStr=0x5d9444, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="10", lpUsedDefaultChar=0x0) returned 3 [0328.845] SetWindowTextA (hWnd=0x80056, lpString="10") [0328.845] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0328.845] GetFocus () returned 0x80056 [0328.845] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0328.845] lstrlenA (lpString="10") returned 2 [0328.845] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x80056, Msg=0xc, wParam=0x0, lParam=0x5d9444) [0328.845] GetCapture () returned 0x0 [0328.845] GetCapture () returned 0x0 [0328.845] IsWindow (hWnd=0x80056) returned 1 [0328.845] IsWindow (hWnd=0x80056) returned 1 [0328.846] GetCapture () returned 0x0 [0328.846] GetCapture () returned 0x0 [0328.846] IsWindow (hWnd=0x80056) returned 1 [0328.846] IsWindow (hWnd=0x80056) returned 1 [0328.846] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x23, wSecond=0x2a, wMilliseconds=0x1c3)) [0328.846] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0328.846] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.846] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0328.846] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0328.846] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0328.846] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.846] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x1b) returned 0x28f3c20 [0328.846] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0328.848] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0328.848] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0328.848] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5d5284, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0328.848] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3c20 | out: hHeap=0x2150000) returned 1 [0328.848] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe")) returned 0x2d [0328.848] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.848] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned 45 [0328.848] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3b78 [0328.848] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2e) returned 0x28f3be8 [0328.848] lstrcpyA (in: lpString1=0x28f3b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" [0328.848] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0xf) returned 0x215b098 [0328.849] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3be8 | out: hHeap=0x2150000) returned 1 [0328.849] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0328.849] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0328.849] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Kawaii-Unicorn", cbMultiByte=-1, lpWideCharStr=0x5d52cc, cchWideChar=15 | out: lpWideCharStr="Kawaii-Unicorn") returned 15 [0328.849] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x215b098 | out: hHeap=0x2150000) returned 1 [0328.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpUsedDefaultChar=0x0) returned 46 [0328.849] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe", lpFilePart=0x19e9fc*="Kawaii-Unicorn.exe") returned 0x2d [0328.850] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0341.443] GetLastError () returned 0x20 [0341.443] GetLastError () returned 0x20 [0341.443] SetLastError (dwErrCode=0x20) [0341.444] GetLastError () returned 0x20 [0341.444] SetLastError (dwErrCode=0x20) [0341.444] GetLastError () returned 0x20 [0341.444] SetLastError (dwErrCode=0x20) [0341.444] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0341.445] GetLastError () returned 0x20 [0341.445] GetLastError () returned 0x20 [0341.445] SetLastError (dwErrCode=0x20) [0341.445] GetLastError () returned 0x20 [0341.445] SetLastError (dwErrCode=0x20) [0341.445] GetLastError () returned 0x20 [0341.445] SetLastError (dwErrCode=0x20) [0341.445] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Kawaii-Unicorn.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\kawaii-unicorn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0341.445] GetFileType (hFile=0x254) returned 0x1 [0341.446] IMalloc:Alloc (This=0x7627fec4, cb=0x6a) returned 0x5dd908 [0341.447] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0341.447] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75130 [0341.447] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0341.447] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0341.451] ReadFile (in: hFile=0x254, lpBuffer=0x5dd9e8, nNumberOfBytesToRead=0x75131, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesRead=0x19eb68*=0x75130, lpOverlapped=0x0) returned 1 [0341.456] CloseHandle (hObject=0x254) returned 1 [0341.457] IMalloc:Free (This=0x7627fec4, pv=0x5dd908) [0341.457] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0341.458] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe") returned 44 [0341.458] RtlAllocateHeap (HeapHandle=0x2150000, Flags=0x0, Size=0x2d) returned 0x28f3b78 [0341.458] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe") returned 44 [0341.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0341.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", cbMultiByte=-1, lpWideCharStr=0x5dd8a4, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe") returned 45 [0341.459] HeapFree (in: hHeap=0x2150000, dwFlags=0x0, lpMem=0x28f3b78 | out: hHeap=0x2150000) returned 1 [0341.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", lpUsedDefaultChar=0x0) returned 45 [0341.459] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe", lpFilePart=0x19e9fc*="Unicorn-11159.exe") returned 0x2c [0341.460] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-11159.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-11159.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0341.469] GetFileType (hFile=0x254) returned 0x1 [0341.469] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5dd908 [0341.469] WriteFile (in: hFile=0x254, lpBuffer=0x5dd9e8*, nNumberOfBytesToWrite=0x75131, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5dd9e8*, lpNumberOfBytesWritten=0x19e760*=0x75131, lpOverlapped=0x0) returned 1 [0341.482] CloseHandle (hObject=0x254) Thread: id = 2 os_tid = 0x17dc Thread: id = 20 os_tid = 0x14d4 [0140.166] GetCurrentThreadId () returned 0x14d4 [0244.758] GetCurrentThreadId () returned 0x14d4 Thread: id = 24 os_tid = 0x14f8 [0140.909] GetCurrentThreadId () returned 0x14f8 [0244.754] GetCurrentThreadId () returned 0x14f8 Process: id = "2" image_name = "unicorn-32917.exe" filename = "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe" page_root = "0x5cc5f000" os_pid = "0x17f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1518" cmd_line = "C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001df9c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 390 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 391 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 392 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 393 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 394 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 395 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 396 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 397 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 398 start_va = 0x400000 end_va = 0x474fff monitored = 1 entry_point = 0x4013d4 region_type = mapped_file name = "unicorn-32917.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe") Region: id = 399 start_va = 0x77df0000 end_va = 0x77f91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 400 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 401 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 402 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 403 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 404 start_va = 0x7ff8805b0000 end_va = 0x7ff8807a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 405 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 406 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 407 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 408 start_va = 0x7ff87eee0000 end_va = 0x7ff87ef38fff monitored = 0 entry_point = 0x7ff87eef8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 409 start_va = 0x7ff87f5e0000 end_va = 0x7ff87f662fff monitored = 0 entry_point = 0x7ff87f5efb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 410 start_va = 0x77de0000 end_va = 0x77de9fff monitored = 0 entry_point = 0x77de12e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 411 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 412 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 413 start_va = 0x500000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 414 start_va = 0x77990000 end_va = 0x77a7ffff monitored = 0 entry_point = 0x779af5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 415 start_va = 0x75e20000 end_va = 0x76032fff monitored = 0 entry_point = 0x75f34030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 416 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 417 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 418 start_va = 0x690000 end_va = 0x758fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 419 start_va = 0x75c30000 end_va = 0x75ccefff monitored = 0 entry_point = 0x75c685c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 420 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 421 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 422 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 423 start_va = 0x760000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 424 start_va = 0x860000 end_va = 0x9b2fff monitored = 1 entry_point = 0x861af8 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 425 start_va = 0x77be0000 end_va = 0x77d73fff monitored = 0 entry_point = 0x77c19860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 426 start_va = 0x77390000 end_va = 0x773a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 427 start_va = 0x77050000 end_va = 0x77072fff monitored = 0 entry_point = 0x770573c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 428 start_va = 0x75cd0000 end_va = 0x75daafff monitored = 0 entry_point = 0x75d2fc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 429 start_va = 0x77310000 end_va = 0x7738afff monitored = 0 entry_point = 0x77327800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 430 start_va = 0x77100000 end_va = 0x7721ffff monitored = 0 entry_point = 0x7712b170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 431 start_va = 0x76670000 end_va = 0x766e8fff monitored = 0 entry_point = 0x76681a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 432 start_va = 0x77220000 end_va = 0x772defff monitored = 0 entry_point = 0x77255ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 433 start_va = 0x77080000 end_va = 0x770f4fff monitored = 0 entry_point = 0x7709f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 434 start_va = 0x773b0000 end_va = 0x77469fff monitored = 0 entry_point = 0x773ea2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 435 start_va = 0x76340000 end_va = 0x76422fff monitored = 0 entry_point = 0x7636c600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 436 start_va = 0x76040000 end_va = 0x762bffff monitored = 0 entry_point = 0x7617a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 437 start_va = 0x76890000 end_va = 0x7692afff monitored = 0 entry_point = 0x768c5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 438 start_va = 0x30000 end_va = 0x37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 439 start_va = 0x480000 end_va = 0x4a2fff monitored = 0 entry_point = 0x484410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 440 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 441 start_va = 0x9c0000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 442 start_va = 0x772e0000 end_va = 0x77304fff monitored = 0 entry_point = 0x772e4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 443 start_va = 0xbc0000 end_va = 0xd40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 444 start_va = 0xd50000 end_va = 0x2150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 445 start_va = 0x2160000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 446 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 447 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 448 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 449 start_va = 0x500000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 450 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 451 start_va = 0x2300000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 452 start_va = 0x2700000 end_va = 0x2a37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 453 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 454 start_va = 0x2160000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 455 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 456 start_va = 0x759a0000 end_va = 0x759aefff monitored = 0 entry_point = 0x759a4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 457 start_va = 0x762e0000 end_va = 0x7633bfff monitored = 0 entry_point = 0x76310900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 458 start_va = 0x74f30000 end_va = 0x74fa3fff monitored = 0 entry_point = 0x74f67550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 459 start_va = 0x2a40000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 460 start_va = 0x4c0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 461 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 462 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 463 start_va = 0x717c0000 end_va = 0x71847fff monitored = 0 entry_point = 0x717db9a0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 464 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 465 start_va = 0x77470000 end_va = 0x77541fff monitored = 0 entry_point = 0x774bd9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 466 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 467 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 468 start_va = 0x510000 end_va = 0x513fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 469 start_va = 0x2a40000 end_va = 0x2b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 470 start_va = 0x2bb0000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 471 start_va = 0x71580000 end_va = 0x71595fff monitored = 0 entry_point = 0x71590a40 region_type = mapped_file name = "asycfilt.dll" filename = "\\Windows\\SysWOW64\\asycfilt.dll" (normalized: "c:\\windows\\syswow64\\asycfilt.dll") Region: id = 472 start_va = 0x2bc0000 end_va = 0x2d7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 473 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 474 start_va = 0x2d80000 end_va = 0x2e61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d80000" filename = "" Region: id = 475 start_va = 0x520000 end_va = 0x523fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 476 start_va = 0x530000 end_va = 0x533fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 477 start_va = 0x2160000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 478 start_va = 0x2220000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 479 start_va = 0x2e70000 end_va = 0x3062fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e70000" filename = "" Region: id = 480 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 481 start_va = 0x6fa60000 end_va = 0x6fb18fff monitored = 0 entry_point = 0x6fa9fcd0 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\SysWOW64\\TextInputFramework.dll" (normalized: "c:\\windows\\syswow64\\textinputframework.dll") Region: id = 482 start_va = 0x6f740000 end_va = 0x6f9bdfff monitored = 0 entry_point = 0x6f79e8f0 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 483 start_va = 0x77b30000 end_va = 0x77bb6fff monitored = 0 entry_point = 0x77b72d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 484 start_va = 0x6f9c0000 end_va = 0x6fa5afff monitored = 0 entry_point = 0x6fa20d90 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 485 start_va = 0x6f710000 end_va = 0x6f738fff monitored = 0 entry_point = 0x6f717e90 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 486 start_va = 0x75db0000 end_va = 0x75e12fff monitored = 0 entry_point = 0x75db4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 487 start_va = 0x71d90000 end_va = 0x71e6cfff monitored = 0 entry_point = 0x71e07530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 488 start_va = 0x540000 end_va = 0x543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 489 start_va = 0x3070000 end_va = 0x42cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 490 start_va = 0x70870000 end_va = 0x70904fff monitored = 0 entry_point = 0x708ffe80 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\SysWOW64\\TextShaping.dll" (normalized: "c:\\windows\\syswow64\\textshaping.dll") Region: id = 491 start_va = 0x42d0000 end_va = 0x47c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000042d0000" filename = "" Region: id = 492 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 816 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1304 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 2099 start_va = 0x21e0000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 2100 start_va = 0x2230000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 2101 start_va = 0x42d0000 end_va = 0x43cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 2102 start_va = 0x43d0000 end_va = 0x44cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 2103 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 3337 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 4842 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 6579 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 8300 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 3 os_tid = 0x17e4 [0112.680] GetVersion () returned 0x23f00206 [0112.681] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77990000 [0112.681] GetProcAddress (hModule=0x77990000, lpProcName="IsTNT") returned 0x0 [0112.681] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x580000 [0112.681] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0x2300000 [0112.681] VirtualAlloc (lpAddress=0x2300000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x2300000 [0112.683] GetCurrentThreadId () returned 0x17e4 [0112.683] GetCommandLineA () returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0112.684] GetEnvironmentStringsW () returned 0x5ab478* [0112.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1566 [0112.684] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x620) returned 0x5805b8 [0112.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x5805b8, cbMultiByte=1566, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1566 [0112.684] FreeEnvironmentStringsW (penv=0x5ab478) returned 1 [0112.684] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x480) returned 0x580be0 [0112.684] GetStartupInfoA (in: lpStartupInfo=0x19f8a0 | out: lpStartupInfo=0x19f8a0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0112.684] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.684] GetFileType (hFile=0x0) returned 0x0 [0112.684] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0112.684] GetFileType (hFile=0x0) returned 0x0 [0112.685] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.685] GetFileType (hFile=0x0) returned 0x0 [0112.685] SetHandleCount (uNumber=0x20) returned 0x20 [0112.685] GetACP () returned 0x4e4 [0112.685] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f8c8 | out: lpCPInfo=0x19f8c8) returned 1 [0112.685] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x96c528, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0112.693] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x5805b8 | out: hHeap=0x580000) returned 1 [0112.694] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77990000 [0112.694] GetProcAddress (hModule=0x77990000, lpProcName="IsProcessorFeaturePresent") returned 0x779b0ad0 [0112.694] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0112.694] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x800) returned 0x581068 [0112.695] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x170 [0112.695] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x174 [0112.695] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0112.695] GetModuleFileNameA (in: hModule=0x860000, lpFilename=0x96e6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0112.695] GetVersion () returned 0x23f00206 [0112.695] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0112.699] GetUserDefaultLCID () returned 0x409 [0112.699] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0112.699] GetSystemMetrics (nIndex=5) returned 1 [0112.699] GetSystemMetrics (nIndex=6) returned 1 [0112.699] GetSystemMetrics (nIndex=11) returned 32 [0112.699] GetSystemMetrics (nIndex=12) returned 32 [0112.699] GetSystemMetrics (nIndex=34) returned 136 [0112.699] GetSystemMetrics (nIndex=35) returned 39 [0112.699] GetSystemMetrics (nIndex=0) returned 1440 [0112.699] GetSystemMetrics (nIndex=1) returned 900 [0112.699] GetSystemMetrics (nIndex=32) returned 8 [0112.700] GetSystemMetrics (nIndex=33) returned 8 [0112.700] GetSystemMetrics (nIndex=42) returned 0 [0112.700] GetStockObject (i=15) returned 0x88000b [0112.700] GetStockObject (i=7) returned 0xb00017 [0112.700] GetStockObject (i=6) returned 0xb00018 [0112.700] GetStockObject (i=8) returned 0xb00016 [0112.700] GetStockObject (i=4) returned 0x900011 [0112.700] GetStockObject (i=2) returned 0x900012 [0112.700] GetStockObject (i=0) returned 0x900010 [0112.700] GetStockObject (i=5) returned 0x900015 [0112.700] GetStockObject (i=13) returned 0x58a00b4 [0112.700] GetDC (hWnd=0x0) returned 0x380106db [0112.700] GetTextExtentPointA (in: hdc=0x380106db, lpString="0", c=1, lpsz=0x19f8c4 | out: lpsz=0x19f8c4) returned 1 [0112.702] GetDeviceCaps (hdc=0x380106db, index=14) returned 1 [0112.702] GetDeviceCaps (hdc=0x380106db, index=12) returned 32 [0112.702] GetDeviceCaps (hdc=0x380106db, index=88) returned 96 [0112.702] GetDeviceCaps (hdc=0x380106db, index=90) returned 96 [0112.702] GetDeviceCaps (hdc=0x380106db, index=38) returned 32409 [0112.702] ReleaseDC (hWnd=0x0, hDC=0x380106db) returned 1 [0112.703] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0x2220000 [0112.703] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x96e7d0 | out: ppMalloc=0x96e7d0*=0x7627fec4) returned 0x0 [0112.704] GetCurrentThreadId () returned 0x17e4 [0112.704] GetStartupInfoA (in: lpStartupInfo=0x19ff08 | out: lpStartupInfo=0x19ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0112.704] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x104) returned 0x22205b8 [0112.704] GetCurrentThreadId () returned 0x17e4 [0112.704] GetCurrentThreadId () returned 0x17e4 [0112.704] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xec8) returned 0x22206c8 [0112.883] GetCommandLineA () returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0112.883] lstrlenA (lpString="") returned 0 [0112.883] lstrcpyA (in: lpString1=0x19fe94, lpString2="" | out: lpString1="") returned="" [0112.883] SetErrorMode (uMode=0x8001) returned 0x8001 [0112.883] GetModuleFileNameA (in: hModule=0x860000, lpFilename=0x19fb50, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0112.883] GetUserDefaultLCID () returned 0x409 [0112.883] GetUserDefaultLCID () returned 0x409 [0112.883] LoadStringA (in: hInstance=0x860000, uID=0x7d1, lpBuffer=0x19fc54, cchBufferMax=8 | out: lpBuffer="409") returned 0x3 [0112.883] GetSystemDefaultLCID () returned 0x409 [0112.883] GetUserDefaultLCID () returned 0x409 [0112.883] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x19fc5e, cchData=2 | out: lpLCData=".") returned 2 [0112.883] GetStockObject (i=13) returned 0x58a00b4 [0112.884] GetObjectA (in: h=0x58a00b4, c=60, pv=0x19fc24 | out: pv=0x19fc24) returned 60 [0112.884] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x19fc20, cchData=4 | out: lpLCData="ENU") returned 4 [0112.884] lstrcpyA (in: lpString1=0x19fc50, lpString2="EN" | out: lpString1="EN") returned="EN" [0112.884] lstrlenA (lpString="{xx}") returned 4 [0112.884] lstrlenA (lpString="VB98.CHM") returned 8 [0112.884] lstrcpyA (in: lpString1=0x96eae8, lpString2="VB98.CHM" | out: lpString1="VB98.CHM") returned="VB98.CHM" [0112.884] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x19fc20, cchData=4 | out: lpLCData="ENU") returned 4 [0112.884] lstrcpyA (in: lpString1=0x19fc50, lpString2="EN" | out: lpString1="EN") returned="EN" [0112.884] lstrlenA (lpString="{xx}") returned 4 [0112.884] lstrlenA (lpString="VBENLR98.CHM") returned 12 [0112.884] lstrcpyA (in: lpString1=0x96ebf0, lpString2="VBENLR98.CHM" | out: lpString1="VBENLR98.CHM") returned="VBENLR98.CHM" [0112.884] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19fd78, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0112.884] GetModuleFileNameA (in: hModule=0x860000, lpFilename=0x19fc74, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0112.884] lstrcpynA (in: lpString1=0x19fb58, lpString2="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL", iMaxLength=260 | out: lpString1="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" [0112.884] lstrlenA (lpString="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned 32 [0112.884] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x21) returned 0x2221598 [0112.884] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x21) returned 0x22215c8 [0112.885] lstrcpyA (in: lpString1=0x2221598, lpString2="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" | out: lpString1="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" [0112.885] LCMapStringA (in: Locale=0x409, dwMapFlags=0x200, lpSrcStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchSrc=-1, lpDestStr=0x19fb38, cchDest=260 | out: lpDestStr="C:\\USERS\\OQXZRAYKM\\DESKTOP\\UNICORN-32917.EXE") returned 45 [0112.887] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x19fc3c, dwRevision=0x1 | out: pSecurityDescriptor=0x19fc3c) returned 1 [0112.887] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x19fc3c, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x19fc3c) returned 1 [0112.887] CreateSemaphoreA (lpSemaphoreAttributes=0x19fc50, lInitialCount=0, lMaximumCount=2147483647, lpName="C:?USERS?OQXZRAYKM?DESKTOP?UNICORN-32917.EXE") returned 0x17c [0112.887] GetLastError () returned 0x0 [0112.887] GetVersionExA (in: lpVersionInformation=0x19fbb4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fbb4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0112.888] OleInitialize (pvReserved=0x0) returned 0x0 [0113.194] OaBuildVersion () returned 0x321396 [0113.194] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x76890000 [0113.194] GetLastError () returned 0x0 [0113.194] GetProcAddress (hModule=0x76890000, lpProcName="OleLoadPictureEx") returned 0x76901420 [0113.195] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc150 [0113.195] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc06e [0113.195] GetClassInfoA (in: hInstance=0x860000, lpClassName="VBFocusRT6", lpWndClass=0x19fc1c | out: lpWndClass=0x19fc1c) returned 0 [0113.195] RegisterClassA (lpWndClass=0x19fc1c) returned 0xc1cd [0113.195] GetClassInfoA (in: hInstance=0x860000, lpClassName="VBBubbleRT6", lpWndClass=0x19fc1c | out: lpWndClass=0x19fc1c) returned 0 [0113.195] RegisterClassA (lpWndClass=0x19fc1c) returned 0xc1cb [0113.195] HeapCreate (flOptions=0x0, dwInitialSize=0x400, dwMaximumSize=0x0) returned 0x4e0000 [0113.196] GetUserDefaultLCID () returned 0x409 [0113.196] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x3a4) returned 0x22215f8 [0113.196] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x3a4) returned 0x22219a8 [0113.196] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xd4) returned 0x2221d58 [0113.196] GetSystemInfo (in: lpSystemInfo=0x19fbdc | out: lpSystemInfo=0x19fbdc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0113.196] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x4c0000 [0113.197] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.197] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.197] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.198] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.198] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.198] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.198] VirtualProtect (in: lpAddress=0x4c0000, dwSize=0x6000, flNewProtect=0x20, lpflOldProtect=0x19fc38 | out: lpflOldProtect=0x19fc38*=0x4) returned 1 [0113.200] GetCurrentProcess () returned 0xffffffff [0113.200] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x4c0000, dwSize=0x6000) returned 1 [0113.201] GlobalAddAtomA (lpString="VBDisabled") returned 0xc0bf [0113.201] GetVersion () returned 0x23f00206 [0113.201] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76890000 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="DispCallFunc") returned 0x768cc800 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="LoadTypeLibEx") returned 0x768b0c50 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="UnRegisterTypeLib") returned 0x768e5c70 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="CreateTypeLib2") returned 0x768c4e70 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="VarDateFromUdate") returned 0x768c07b0 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="VarUdateFromDate") returned 0x768a6e60 [0113.201] GetProcAddress (hModule=0x76890000, lpProcName="GetAltMonthNames") returned 0x768fc880 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarNumFromParseNum") returned 0x768a75e0 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarParseNumFromStr") returned 0x768aed30 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromR4") returned 0x76901ff0 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromR8") returned 0x76902250 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromDate") returned 0x76901e50 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromI4") returned 0x76901f40 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromCy") returned 0x76901e10 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="VarR4FromDec") returned 0x76902870 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x76900a10 [0113.202] GetProcAddress (hModule=0x76890000, lpProcName="GetRecordInfoFromGuids") returned 0x76900920 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayGetRecordInfo") returned 0x76901730 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArraySetRecordInfo") returned 0x76901780 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayGetIID") returned 0x769016f0 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArraySetIID") returned 0x768c0e80 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayCopyData") returned 0x768aa340 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x768aa5b0 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayCreateEx") returned 0x769015d0 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="VarFormat") returned 0x76904d40 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatDateTime") returned 0x76904eb0 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatNumber") returned 0x76906cd0 [0113.203] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatPercent") returned 0x76906d80 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatCurrency") returned 0x76904e00 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarWeekdayName") returned 0x769070d0 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarMonthName") returned 0x76906e20 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarAdd") returned 0x768ce420 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarAnd") returned 0x768c0a60 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarCat") returned 0x768c0460 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarDiv") returned 0x768f7350 [0113.204] GetProcAddress (hModule=0x76890000, lpProcName="VarEqv") returned 0x768f7cb0 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarIdiv") returned 0x768f7cf0 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarImp") returned 0x768f7e70 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarMod") returned 0x768f7f50 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarMul") returned 0x768cece0 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarOr") returned 0x768f8160 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarPow") returned 0x768f7990 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarSub") returned 0x768cf5b0 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarXor") returned 0x768f8300 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarAbs") returned 0x768f67f0 [0113.205] GetProcAddress (hModule=0x76890000, lpProcName="VarFix") returned 0x768f6aa0 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarInt") returned 0x768f6c50 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarNeg") returned 0x768f6e10 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarNot") returned 0x768f80b0 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarRound") returned 0x768f7040 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarCmp") returned 0x768a4ae0 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarDecAdd") returned 0x768cbfa0 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarDecCmp") returned 0x768cc780 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarBstrCat") returned 0x768a6870 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarCyMulI4") returned 0x768cb9d0 [0113.206] GetProcAddress (hModule=0x76890000, lpProcName="VarBstrCmp") returned 0x768a5040 [0113.207] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76340000 [0113.207] GetProcAddress (hModule=0x76340000, lpProcName="CoCreateInstanceEx") returned 0x761641d0 [0113.207] GetProcAddress (hModule=0x76340000, lpProcName="CLSIDFromProgIDEx") returned 0x761748e0 [0113.207] GetSystemMetrics (nIndex=42) returned 0 [0113.207] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x96e688 | out: ppMalloc=0x96e688*=0x7627fec4) returned 0x0 [0113.207] IMalloc:Alloc (This=0x7627fec4, cb=0x4) returned 0x5a5b18 [0113.207] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f950, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0113.208] lstrcatA (in: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpString2=".cfg" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe.cfg") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe.cfg" [0113.208] SetLastError (dwErrCode=0x0) [0113.208] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe.cfg", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x19f84c, lpFilePart=0x19f820 | out: lpBuffer="hù\x19", lpFilePart=0x19f820*="\x8bÿU\x8bì\x83ì\x18SVW\x8b}\x0cÆEÿ") returned 0x0 [0113.235] SetLastError (dwErrCode=0x2) [0113.235] GetLastError () returned 0x2 [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="MTX") returned 1 [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="DLLHOST") returned 1 [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="INETINFO") returned 1 [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="W3WP") returned -1 [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="ASPNET_WP") returned 1 [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="DLLHST3G") returned 1 [0113.235] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f944, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0113.235] lstrcmpiA (lpString1="Unicorn-32917", lpString2="IEXPLORE") returned 1 [0113.235] LoadLibraryA (lpLibFileName="SXS.DLL") returned 0x717c0000 [0113.260] GetLastError () returned 0x0 [0113.260] GetProcAddress (hModule=0x717c0000, lpProcName="SxsOleAut32MapIIDOrCLSIDToTypeLibrary") returned 0x7182a250 [0113.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x19fe90, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0113.261] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x1c) returned 0x2221e38 [0113.261] CoRegisterMessageFilter (in: lpMessageFilter=0x2221e3c, lplpMessageFilter=0x2221e44 | out: lplpMessageFilter=0x2221e44*=0x0) returned 0x0 [0113.262] IUnknown:AddRef (This=0x2221e3c) returned 0x2 [0113.262] GetClassInfoExA (in: hInstance=0x860000, lpszClass="ThunderRT6Main", lpwcx=0x19fe60 | out: lpwcx=0x19fe60) returned 0 [0113.262] LoadIconA (hInstance=0x400000, lpIconName=0x1) returned 0xb016f [0113.268] GetModuleHandleA (lpModuleName="USER32") returned 0x77be0000 [0113.269] GetProcAddress (hModule=0x77be0000, lpProcName="GetSystemMetrics") returned 0x77c11aa0 [0113.269] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromWindow") returned 0x77c15fb0 [0113.269] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromRect") returned 0x77c06270 [0113.269] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromPoint") returned 0x77c0db10 [0113.269] GetProcAddress (hModule=0x77be0000, lpProcName="EnumDisplayMonitors") returned 0x77c1e260 [0113.269] GetProcAddress (hModule=0x77be0000, lpProcName="GetMonitorInfoA") returned 0x77c016a0 [0113.269] GetSystemMetrics (nIndex=0) returned 1440 [0113.269] GetSystemMetrics (nIndex=78) returned 1440 [0113.269] GetSystemMetrics (nIndex=1) returned 900 [0113.269] GetSystemMetrics (nIndex=79) returned 900 [0113.269] GetSystemMetrics (nIndex=50) returned 16 [0113.269] GetSystemMetrics (nIndex=49) returned 16 [0113.270] LoadImageA (hInst=0x400000, name=0x1, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x6015f [0113.522] RegisterClassExA (param_1=0x19fe60) returned 0xc1dc [0113.522] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderRT6Main", lpWindowName=0x0, dwStyle=0x80090000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x40330 [0113.529] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x81, wParam=0x0, lParam=0x19f9d8) returned 0x1 [0113.541] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x0, lParam=0x19f9c4) returned 0x0 [0113.542] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x1, wParam=0x0, lParam=0x19f9d8) returned 0x0 [0113.542] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0113.543] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0113.543] MonitorFromWindow (hwnd=0x40330, dwFlags=0x2) returned 0x10001 [0113.543] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19fe68 | out: lpmi=0x19fe68) returned 1 [0113.543] SetWindowPos (hWnd=0x40330, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0113.543] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fe0c) returned 0x0 [0113.544] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fe0c) returned 0x0 [0113.544] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x3, wParam=0x0, lParam=0x1c202d0) returned 0x0 [0113.544] ShowWindow (hWnd=0x40330, nCmdShow=4) returned 0 [0113.544] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0113.544] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fe1c) returned 0x0 [0113.550] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fe1c) returned 0x0 [0113.550] GetWindowThreadProcessId (in: hWnd=0x40330, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x17e4 [0113.550] VirtualQuery (in: lpAddress=0x19fe90, lpBuffer=0x19fe74, dwLength=0x1c | out: lpBuffer=0x19fe74*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0113.550] GetUserDefaultLCID () returned 0x409 [0113.551] IsValidCodePage (CodePage=0x3a4) returned 1 [0113.551] IsValidCodePage (CodePage=0x3b5) returned 1 [0113.551] IsValidCodePage (CodePage=0x3b6) returned 1 [0113.556] IsValidCodePage (CodePage=0x3a8) returned 1 [0113.559] GetUserDefaultLangID () returned 0x409 [0113.560] GetSystemDefaultLangID () returned 0x5a0409 [0113.560] GetSystemMetrics (nIndex=42) returned 0 [0113.560] IMalloc:Alloc (This=0x7627fec4, cb=0xa8) returned 0x5a14b0 [0113.560] IMalloc:GetSize (This=0x7627fec4, pv=0x5a14b0) returned 0xa8 [0113.560] IMalloc:Alloc (This=0x7627fec4, cb=0xc) returned 0x5b4ba8 [0113.560] GetCurrentThreadId () returned 0x17e4 [0113.560] IMalloc:Alloc (This=0x7627fec4, cb=0x3c) returned 0x5a72e8 [0113.560] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x5a9e78 [0113.560] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x19fe5c | out: phkResult=0x19fe5c*=0x0) returned 0x2 [0113.561] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x5a9d38 [0113.561] GetCurrentThreadId () returned 0x17e4 [0113.561] SetWindowsHookExA (idHook=-1, lpfn=0x8c1e09, hmod=0x0, dwThreadId=0x17e4) returned 0x4014b [0113.562] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x14) returned 0x2221e60 [0113.562] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x80) returned 0x2221e80 [0113.562] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x10) returned 0x2221f08 [0113.562] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x2c) returned 0x2221f20 [0113.562] GetClassInfoA (in: hInstance=0x860000, lpClassName="VBMsoStdCompMgr", lpWndClass=0x19fdb4 | out: lpWndClass=0x19fdb4) returned 0 [0113.562] RegisterClassA (lpWndClass=0x19fdb4) returned 0xc1de [0113.562] CreateWindowExA (dwExStyle=0x0, lpClassName="VBMsoStdCompMgr", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x40340 [0113.564] NtdllDefWindowProc_A (hWnd=0x40340, Msg=0x81, wParam=0x0, lParam=0x19f988) returned 0x1 [0113.565] NtdllDefWindowProc_A (hWnd=0x40340, Msg=0x83, wParam=0x0, lParam=0x19f974) returned 0x0 [0113.565] NtdllDefWindowProc_A (hWnd=0x40340, Msg=0x1, wParam=0x0, lParam=0x19f988) returned 0x0 [0113.566] NtdllDefWindowProc_A (hWnd=0x40340, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0113.566] NtdllDefWindowProc_A (hWnd=0x40340, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0113.570] SetWindowLongA (hWnd=0x40340, nIndex=0, dwNewLong=35790468) returned 0 [0113.570] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x38) returned 0x2221f58 [0113.570] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x18) returned 0x2221f98 [0113.570] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x10) returned 0x2221fb8 [0113.570] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0113.570] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0113.570] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0113.570] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0113.570] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0113.570] RegisterClipboardFormatA (lpszFormat="OwnerLink") returned 0xc003 [0113.570] RegisterClipboardFormatA (lpszFormat="FileName") returned 0xc006 [0113.570] CreateCompatibleDC (hdc=0x0) returned 0x4f0108ff [0113.571] GetCurrentObject (hdc=0x4f0108ff, type=0x7) returned 0x85000f [0113.571] CreateWindowExA (dwExStyle=0x0, lpClassName="VBFocusRT6", lpWindowName=0x0, dwStyle=0x40000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x40330, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x6004a [0113.572] NtdllDefWindowProc_A (hWnd=0x6004a, Msg=0x81, wParam=0x0, lParam=0x19fa18) returned 0x1 [0113.572] NtdllDefWindowProc_A (hWnd=0x6004a, Msg=0x83, wParam=0x0, lParam=0x19fa04) returned 0x0 [0113.573] NtdllDefWindowProc_A (hWnd=0x6004a, Msg=0x1, wParam=0x0, lParam=0x19fa18) returned 0x0 [0113.573] NtdllDefWindowProc_A (hWnd=0x6004a, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0113.573] NtdllDefWindowProc_A (hWnd=0x6004a, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0113.574] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x210, wParam=0x1, lParam=0x6004a) returned 0x0 [0113.574] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x18) returned 0x2221fd0 [0113.574] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x114) returned 0x4e05b8 [0113.574] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x5c) returned 0x2221ff0 [0113.574] GetCurrentThreadId () returned 0x17e4 [0113.574] GetCurrentThreadId () returned 0x17e4 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x10) returned 0x2222058 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x30) returned 0x2222070 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x434) returned 0x22220a8 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x434) returned 0x22224e8 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x3c) returned 0x2222928 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2222970 [0113.575] lstrlenA (lpString="VB") returned 2 [0113.575] lstrlenA (lpString="Label") returned 5 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x9) returned 0x2222a90 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x34) returned 0x2222aa8 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xf0) returned 0x2222ae8 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x48) returned 0x2222be0 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1f4) returned 0x2222c30 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x28) returned 0x2222e30 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2222e60 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x28) returned 0x2222e80 [0113.575] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2222eb0 [0113.576] lstrlenA (lpString="VB") returned 2 [0113.576] lstrlenA (lpString="TextBox") returned 7 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xb) returned 0x2222fd0 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x38) returned 0x2222fe8 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x120) returned 0x2223028 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x60) returned 0x2223150 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x250) returned 0x22231b8 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2223410 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2223430 [0113.576] lstrlenA (lpString="VB") returned 2 [0113.576] lstrlenA (lpString="Timer") returned 5 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x9) returned 0x2223550 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xc) returned 0x2223568 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x30) returned 0x2223580 [0113.576] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x4) returned 0x22235b8 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x9c) returned 0x22235c8 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2223670 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2223690 [0113.577] lstrlenA (lpString="VB") returned 2 [0113.577] lstrlenA (lpString="Printer") returned 7 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xb) returned 0x22237b0 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xdc) returned 0x22237c8 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x22238b0 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x22238d0 [0113.577] lstrlenA (lpString="VB") returned 2 [0113.577] lstrlenA (lpString="Form") returned 4 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x8) returned 0x22239f0 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x184) returned 0x2223a00 [0113.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x7c) returned 0x2223b90 [0113.578] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2f8) returned 0x2223c18 [0113.578] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2223f18 [0113.578] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2223f38 [0113.578] lstrlenA (lpString="VB") returned 2 [0113.578] lstrlenA (lpString="Screen") returned 6 [0113.578] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xa) returned 0x2224058 [0113.578] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x2c) returned 0x2224070 [0113.578] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xa0) returned 0x22240a8 [0113.578] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x2222e30, Size=0x50) returned 0x2224150 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2222e30 [0113.579] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x2222e80, Size=0x50) returned 0x22241a8 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2224200 [0113.579] lstrlenA (lpString="VB") returned 2 [0113.579] lstrlenA (lpString="Clipboard") returned 9 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xd) returned 0x2222e80 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x1c) returned 0x2224320 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x68) returned 0x2224348 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x22243b8 [0113.579] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x22243d8 [0113.579] lstrlenA (lpString="VB") returned 2 [0113.579] lstrlenA (lpString="MDIForm") returned 7 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xb) returned 0x2222e98 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x184) returned 0x22244f8 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x7c) returned 0x2224688 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2f8) returned 0x2224710 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2224a10 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2224a30 [0113.580] lstrlenA (lpString="VB") returned 2 [0113.580] lstrlenA (lpString="App") returned 3 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x7) returned 0x2222e50 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x84) returned 0x2224b50 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x148) returned 0x2224be0 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2224d30 [0113.580] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2224d50 [0113.580] lstrlenA (lpString="VB") returned 2 [0113.580] lstrlenA (lpString="UserControl") returned 11 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xf) returned 0x2224e70 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x1e4) returned 0x2224e88 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xb0) returned 0x2225078 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x3a4) returned 0x2225130 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x22254e0 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2225500 [0113.581] lstrlenA (lpString="VB") returned 2 [0113.581] lstrlenA (lpString="PropertyPage") returned 12 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x10) returned 0x2225620 [0113.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x190) returned 0x2225638 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x88) returned 0x22257d0 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x310) returned 0x2225860 [0113.582] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x2224150, Size=0x78) returned 0x2225b78 [0113.582] lstrcmpiA (lpString1="VB.MDIForm", lpString2="VB.PropertyPage") returned -1 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2224150 [0113.582] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x22241a8, Size=0x78) returned 0x2225bf8 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2225c78 [0113.582] lstrlenA (lpString="VB") returned 2 [0113.582] lstrlenA (lpString="UserDocument") returned 12 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x10) returned 0x2224170 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x1c8) returned 0x2225d98 [0113.582] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xa8) returned 0x2225f68 [0113.583] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x370) returned 0x2226018 [0113.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2224188 [0113.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x20) returned 0x22241a8 [0113.584] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x8, Size=0x30) returned 0x4e06d8 [0113.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xa0) returned 0x2226390 [0113.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x22241d0 [0113.585] GetCurrentThreadId () returned 0x17e4 [0113.585] GetCurrentThreadId () returned 0x17e4 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x10) returned 0x2226438 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2226450 [0113.585] lstrlenA (lpString="VB") returned 2 [0113.585] lstrlenA (lpString="PictureBox") returned 10 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x2226570 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x16c) returned 0x2226588 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x68) returned 0x2226700 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c8) returned 0x2226770 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2226a40 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2226a60 [0113.585] lstrlenA (lpString="VB") returned 2 [0113.585] lstrlenA (lpString="Frame") returned 5 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x9) returned 0x2226b80 [0113.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x24) returned 0x22204b0 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xb0) returned 0x22204e0 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x34) returned 0x2229ac8 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x184) returned 0x2229b08 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2220598 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x2229c98 [0113.587] lstrlenA (lpString="VB") returned 2 [0113.587] lstrlenA (lpString="CommandButton") returned 13 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x11) returned 0x2229e20 [0113.587] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222a5c0 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xd4) returned 0x222a5f0 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x44) returned 0x222a6d0 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1c8) returned 0x222a720 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229f60 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222a8f0 [0113.588] lstrlenA (lpString="VB") returned 2 [0113.588] lstrlenA (lpString="CheckBox") returned 8 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xc) returned 0x222aa10 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222aa28 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xec) returned 0x222aa58 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x48) returned 0x222ab50 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1f8) returned 0x222aba0 [0113.588] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x2225b78, Size=0xa0) returned 0x222ada0 [0113.588] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229f40 [0113.589] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x2225bf8, Size=0xa0) returned 0x222ae48 [0113.589] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222aef0 [0113.589] lstrlenA (lpString="VB") returned 2 [0113.589] lstrlenA (lpString="OptionButton") returned 12 [0113.589] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x10) returned 0x222b158 [0113.589] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x2225b78 [0113.589] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xd4) returned 0x222b218 [0113.589] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x4c) returned 0x2225ba8 [0113.589] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1c8) returned 0x222b2f8 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a180 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222b740 [0113.590] lstrlenA (lpString="VB") returned 2 [0113.590] lstrlenA (lpString="ComboBox") returned 8 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xc) returned 0x222b0b0 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x108) returned 0x222c4d0 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x4c) returned 0x222ca28 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x230) returned 0x222cde8 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229f00 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222be30 [0113.590] lstrlenA (lpString="VB") returned 2 [0113.590] lstrlenA (lpString="ListBox") returned 7 [0113.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xb) returned 0x222b140 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x108) returned 0x222d020 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x54) returned 0x2225c00 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x230) returned 0x222d130 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229fa0 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222bbe0 [0113.591] lstrlenA (lpString="VB") returned 2 [0113.591] lstrlenA (lpString="HScrollBar") returned 10 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b170 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x24) returned 0x222d368 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x90) returned 0x222d398 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222d430 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x144) returned 0x222d460 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229e40 [0113.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222bf58 [0113.592] lstrlenA (lpString="VB") returned 2 [0113.592] lstrlenA (lpString="VScrollBar") returned 10 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b098 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x24) returned 0x222d5b0 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x90) returned 0x222d5e0 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222d678 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x144) returned 0x222d6a8 [0113.592] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x222ada0, Size=0xc8) returned 0x222d7f8 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229e60 [0113.592] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x222ae48, Size=0xc8) returned 0x222d8c8 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222b868 [0113.592] lstrlenA (lpString="VB") returned 2 [0113.592] lstrlenA (lpString="DriveListBox") returned 12 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x10) returned 0x222b0c8 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222ada0 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xc0) returned 0x222add0 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x40) returned 0x222ae98 [0113.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1a0) returned 0x222d998 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a100 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222b990 [0113.593] lstrlenA (lpString="VB") returned 2 [0113.593] lstrlenA (lpString="DirListBox") returned 10 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b1b8 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222db40 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xc8) returned 0x222db70 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x50) returned 0x222c660 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b0) returned 0x222dc40 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229f80 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222bd08 [0113.593] lstrlenA (lpString="VB") returned 2 [0113.593] lstrlenA (lpString="FileListBox") returned 11 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xf) returned 0x222b1a0 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x28) returned 0x222ddf8 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xec) returned 0x222de28 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x58) returned 0x222df20 [0113.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1f8) returned 0x222df80 [0113.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229fc0 [0113.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222c080 [0113.594] lstrlenA (lpString="VB") returned 2 [0113.594] lstrlenA (lpString="Menu") returned 4 [0113.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x8) returned 0x222aee0 [0113.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x38) returned 0x222e180 [0113.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x4) returned 0x2225c60 [0113.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xb8) returned 0x222e1c0 [0113.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a140 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222b4f0 [0113.596] lstrlenA (lpString="VB") returned 2 [0113.596] lstrlenA (lpString="Shape") returned 5 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x9) returned 0x222b080 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x1c) returned 0x222e280 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x68) returned 0x222e2a8 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xfc) returned 0x222e318 [0113.596] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x222d7f8, Size=0xf0) returned 0x222e420 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229fe0 [0113.596] RtlReAllocateHeap (Heap=0x2220000, Flags=0x0, Ptr=0x222d8c8, Size=0xf0) returned 0x222e518 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222c1a8 [0113.596] lstrlenA (lpString="VB") returned 2 [0113.596] lstrlenA (lpString="Line") returned 4 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x8) returned 0x222d7f8 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x18) returned 0x2229e00 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x50) returned 0x222c9d0 [0113.596] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xd0) returned 0x222d808 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a000 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222bab8 [0113.597] lstrlenA (lpString="VB") returned 2 [0113.597] lstrlenA (lpString="Image") returned 5 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x9) returned 0x222b188 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x24) returned 0x222d8e0 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x98) returned 0x222e610 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x34) returned 0x222d910 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x154) returned 0x222e6b0 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a060 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222c2d0 [0113.597] lstrlenA (lpString="VB") returned 2 [0113.597] lstrlenA (lpString="Data") returned 4 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x8) returned 0x222d950 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xd8) returned 0x222e810 [0113.597] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x3c) returned 0x222e8f0 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1d8) returned 0x222e938 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a080 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x114) returned 0x222b618 [0113.598] lstrlenA (lpString="VB") returned 2 [0113.598] lstrlenA (lpString="OLE") returned 3 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x7) returned 0x222d960 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x17c) returned 0x222eb18 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x40) returned 0x222eca0 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2f0) returned 0x222ece8 [0113.598] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a120 [0113.704] IMalloc:Alloc (This=0x7627fec4, cb=0x64) returned 0x5a0828 [0113.704] IMalloc:Alloc (This=0x7627fec4, cb=0xc) returned 0x5b4b18 [0113.704] IMalloc:Alloc (This=0x7627fec4, cb=0x2c) returned 0x5a9000 [0113.704] IMalloc:GetSize (This=0x7627fec4, pv=0x5a9000) returned 0x2c [0113.704] IMalloc:Alloc (This=0x7627fec4, cb=0x20) returned 0x5a9d60 [0113.704] GetCurrentThreadId () returned 0x17e4 [0113.704] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x54) returned 0x2a40048 [0113.705] GetCurrentThreadId () returned 0x17e4 [0113.705] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x5a9ba8 [0113.705] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x104) returned 0x2a400a8 [0113.705] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x6f8) returned 0x2a401b8 [0113.705] VirtualProtect (in: lpAddress=0x4c0000, dwSize=0x6000, flNewProtect=0x4, lpflOldProtect=0x19fde0 | out: lpflOldProtect=0x19fde0*=0x20) returned 1 [0113.706] GetCurrentProcess () returned 0xffffffff [0113.706] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x4c0000, dwSize=0x6000) returned 1 [0113.706] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.706] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.706] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xd4) returned 0x2a408b8 [0113.706] VirtualAlloc (lpAddress=0x4c0000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.707] VirtualAlloc (lpAddress=0x4c0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x4c0000 [0113.707] VirtualProtect (in: lpAddress=0x4c0000, dwSize=0xa000, flNewProtect=0x20, lpflOldProtect=0x19fde0 | out: lpflOldProtect=0x19fde0*=0x4) returned 1 [0113.712] GetCurrentProcess () returned 0xffffffff [0113.712] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x4c0000, dwSize=0xa000) returned 1 [0113.712] GetCurrentThreadId () returned 0x17e4 [0113.712] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x23ec) returned 0x2a40998 [0113.722] GetCurrentThreadId () returned 0x17e4 [0113.723] SetWindowTextA (hWnd=0x40330, lpString="Kawaii-Unicorn") returned 1 [0113.723] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0xc, wParam=0x0, lParam=0x19fd54) returned 0x1 [0113.725] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x19fd3c | out: phkResult=0x19fd3c*=0x0) returned 0x2 [0113.726] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0113.726] VirtualQuery (in: lpAddress=0x19f768, lpBuffer=0x19f74c, dwLength=0x1c | out: lpBuffer=0x19f74c*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0113.726] IMalloc:Alloc (This=0x7627fec4, cb=0x50) returned 0x5a0d18 [0113.726] IMalloc:GetSize (This=0x7627fec4, pv=0x5a0d18) returned 0x50 [0113.726] GetCurrentThreadId () returned 0x17e4 [0113.726] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x104) returned 0x2a42d90 [0113.726] GetCurrentThreadId () returned 0x17e4 [0113.726] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xc4) returned 0x2a42ea0 [0113.726] GetCurrentThreadId () returned 0x17e4 [0113.727] GetCurrentThreadId () returned 0x17e4 [0113.727] GetCurrentThreadId () returned 0x17e4 [0113.727] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x140) returned 0x2a42f70 [0113.727] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x10) returned 0x222b1d0 [0113.727] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x434) returned 0x2a430b8 [0113.727] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1ac [0113.727] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x198) returned 0x2a434f8 [0113.727] GetVersionExA (in: lpVersionInformation=0x19fa64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x19fabc, dwMinorVersion=0x2a42eb0, dwBuildNumber=0x2220000, dwPlatformId=0x3e6, szCSDVersion="^\x03") | out: lpVersionInformation=0x19fa64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0113.727] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0113.727] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a0e0 [0113.728] lstrlenA (lpString="vb6chs.dll") returned 10 [0113.728] lstrlenA (lpString="C:\\Windows\\SYSTEM32\\") returned 20 [0113.728] lstrcpyA (in: lpString1=0x19f9c8, lpString2="C:\\Windows\\SYSTEM32\\" | out: lpString1="C:\\Windows\\SYSTEM32\\") returned="C:\\Windows\\SYSTEM32\\" [0113.728] lstrcatA (in: lpString1="C:\\Windows\\SYSTEM32\\", lpString2="vb6chs.dll" | out: lpString1="C:\\Windows\\SYSTEM32\\vb6chs.dll") returned="C:\\Windows\\SYSTEM32\\vb6chs.dll" [0113.728] LoadLibraryA (lpLibFileName="C:\\Windows\\SYSTEM32\\vb6chs.dll") returned 0x0 [0113.728] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x14) returned 0x2229de0 [0113.728] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x80) returned 0x2a43698 [0113.729] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43698 | out: hHeap=0x2220000) returned 1 [0113.729] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MS Sans Serif", cbMultiByte=-1, lpWideCharStr=0x19fa8c, cchWideChar=14 | out: lpWideCharStr="MS Sans Serif") returned 14 [0113.729] OleCreateFontIndirect () returned 0x0 [0113.730] CFont::SetRatio () returned 0x0 [0113.730] CFont::get_hFont () returned 0x0 [0113.731] CFont::Clone () returned 0x0 [0113.731] CFont::SetRatio () returned 0x0 [0113.731] lstrlenA (lpString="I'm Unicorn") returned 11 [0113.731] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xc) returned 0x222b1e8 [0113.731] OleTranslateColor () returned 0x0 [0113.732] OleLoadPictureEx () returned 0x0 [0114.249] CPicture::get_Type () returned 0x0 [0114.249] CPicture::QueryInterface () returned 0x0 [0114.249] CPicture::AddRef () returned 0x3 [0114.249] CPicture::Release () returned 0x2 [0114.249] CPicture::Release () returned 0x1 [0114.249] lstrlenA (lpString="Form1") returned 5 [0114.249] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x6) returned 0x222d970 [0114.249] lstrlenA (lpString="ThunderRT6") returned 10 [0114.249] lstrcpyA (in: lpString1=0x19faa0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.250] lstrlenA (lpString="ThunderRT6Form") returned 14 [0114.250] lstrcpynA (in: lpString1=0x19faae, lpString2="DC", iMaxLength=116 | out: lpString1="DC") returned="DC" [0114.250] lstrlenA (lpString="ThunderRT6") returned 10 [0114.250] lstrcpyA (in: lpString1=0x19fa34, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.250] GetClassInfoA (in: hInstance=0x860000, lpClassName="ThunderRT6Form", lpWndClass=0x19fa60 | out: lpWndClass=0x19fa60) returned 0 [0114.251] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0114.251] RegisterClassA (lpWndClass=0x19fa60) returned 0xc1cf [0114.251] lstrlenA (lpString="ThunderRT6") returned 10 [0114.251] lstrcpyA (in: lpString1=0x19fa34, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.251] lstrlenA (lpString="ThunderRT6Form") returned 14 [0114.251] lstrcpynA (in: lpString1=0x19fa42, lpString2="DC", iMaxLength=29 | out: lpString1="DC") returned="DC" [0114.251] RegisterClassA (lpWndClass=0x19fa60) returned 0xc1ec [0114.252] AdjustWindowRectEx (in: lpRect=0x19fb60, dwStyle=0x2000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19fb60) returned 1 [0114.252] CreateWindowExA (dwExStyle=0x0, lpClassName=0xc1ec, lpWindowName="I'm Unicorn", dwStyle=0x2000000, X=0, Y=0, nWidth=748, nHeight=681, hWndParent=0x40330, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x301f8 [0114.255] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x81, wParam=0x0, lParam=0x19f618) returned 0x1 [0114.256] SetWindowLongA (hWnd=0x301f8, nIndex=-16, dwNewLong=33554432) returned 113246208 [0114.260] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x7c, wParam=0xfffffff0, lParam=0x19f1ec) returned 0x0 [0114.261] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x7d, wParam=0xfffffff0, lParam=0x19f1ec) returned 0x0 [0114.265] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x0, lParam=0x19f604) returned 0x0 [0114.265] GetSystemMenu (hWnd=0x301f8, bRevert=0) returned 0x0 [0114.265] SetWindowContextHelpId (param_1=0x301f8, param_2=0xffffffff) returned 1 [0114.265] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x1, wParam=0x0, lParam=0x19f618) returned 0x0 [0114.267] GetDC (hWnd=0x301f8) returned 0xffffffffdb010907 [0114.267] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19fa4c | out: lptm=0x19fa4c) returned 1 [0114.267] SetBkMode (hdc=0xdb010907, mode=1) returned 2 [0114.267] OleTranslateColor () returned 0x0 [0114.267] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xffffff [0114.267] OleTranslateColor () returned 0x0 [0114.267] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.267] OleTranslateColor () returned 0x0 [0114.267] CreatePen (iStyle=0, cWidth=1, color=0x0) returned 0x4f3006ac [0114.267] SelectObject (hdc=0xdb010907, h=0x4f3006ac) returned 0xb00017 [0114.267] SelectObject (hdc=0xdb010907, h=0x900011) returned 0x900010 [0114.267] ClientToScreen (in: hWnd=0x301f8, lpPoint=0x19fa2c | out: lpPoint=0x19fa2c) returned 1 [0114.267] SetBrushOrgEx (in: hdc=0xdb010907, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0114.267] UnrealizeObject (h=0x900015) returned 1 [0114.268] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900011 [0114.268] CFont::QueryInterface () returned 0x0 [0114.268] CFont::FindConnectionPoint () returned 0x0 [0114.268] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x14) returned 0x2229e80 [0114.268] CNotifyCP::Advise () returned 0x0 [0114.268] CFont::get_hFont () returned 0x0 [0114.268] CFont::AddRefHfont () returned 0x0 [0114.268] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x58a00b4 [0114.268] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f840 | out: lptm=0x19f840) returned 1 [0114.268] CFontEventsCP::Release () returned 0x0 [0114.268] Release () returned 0x1 [0114.268] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xdc) returned 0x2a43698 [0114.268] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a020 [0114.268] lstrlenA (lpString="ThunderRT6") returned 10 [0114.268] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.268] lstrlenA (lpString="ThunderRT6") returned 10 [0114.268] lstrcpyA (in: lpString1=0x19fa04, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.268] GetClassInfoA (in: hInstance=0x860000, lpClassName="ThunderRT6Timer", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 0 [0114.268] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0114.269] RegisterClassA (lpWndClass=0x19fa30) returned 0xc1ed [0114.269] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ed, lpWindowName=0x0, dwStyle=0x44010000, X=656, Y=368, nWidth=0, nHeight=0, hWndParent=0x301f8, hMenu=0x1, hInstance=0x860000, lpParam=0x0) returned 0x30378 [0114.269] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0114.269] NtdllDefWindowProc_A (hWnd=0x30378, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0114.270] NtdllDefWindowProc_A (hWnd=0x30378, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0114.270] NtdllDefWindowProc_A (hWnd=0x30378, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x0 [0114.273] NtdllDefWindowProc_A (hWnd=0x30378, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0114.273] NtdllDefWindowProc_A (hWnd=0x30378, Msg=0x3, wParam=0x0, lParam=0x1700290) returned 0x0 [0114.273] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xf4) returned 0x2a43780 [0114.273] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229ea0 [0114.274] CFont::Clone () returned 0x0 [0114.274] CFont::SetRatio () returned 0x0 [0114.274] lstrlenA (lpString="0") returned 1 [0114.274] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x222d980 [0114.274] lstrlenA (lpString="ThunderRT6") returned 10 [0114.274] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.274] lstrlenA (lpString="ThunderRT6") returned 10 [0114.274] lstrcpyA (in: lpString1=0x19fa04, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.274] GetClassInfoA (in: hInstance=0x0, lpClassName="Edit", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 1 [0114.274] GetClassInfoA (in: hInstance=0x860000, lpClassName="ThunderRT6TextBox", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 0 [0114.274] RegisterClassA (lpWndClass=0x19fa30) returned 0xc1ee [0114.274] CreateWindowExA (dwExStyle=0x204, lpClassName=0xc1ee, lpWindowName="0", dwStyle=0x440100e0, X=64, Y=48, nWidth=41, nHeight=19, hWndParent=0x301f8, hMenu=0x2, hInstance=0x860000, lpParam=0x0) returned 0x60346 [0114.275] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0114.276] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0114.276] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0114.278] IsWindow (hWnd=0x60346) returned 1 [0114.278] IsWindow (hWnd=0x60346) returned 1 [0114.279] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xcc, wParam=0x0, lParam=0x0) returned 0x1 [0114.281] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x5, wParam=0x0, lParam=0xf0025) returned 0x0 [0114.282] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x3, wParam=0x0, lParam=0x320042) returned 0x0 [0114.282] CFont::QueryInterface () returned 0x0 [0114.282] CFont::FindConnectionPoint () returned 0x0 [0114.282] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x14) returned 0x222a040 [0114.282] CNotifyCP::Advise () returned 0x0 [0114.282] CFont::get_hFont () returned 0x0 [0114.282] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x30, wParam=0x320a08c8, lParam=0x0) returned 0x1 [0114.284] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd3, wParam=0xffff, lParam=0x0) returned 0x0 [0114.284] CFontEventsCP::Release () returned 0x0 [0114.284] Release () returned 0x1 [0114.284] ShowWindow (hWnd=0x60346, nCmdShow=5) returned 0 [0114.285] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0114.285] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xdc) returned 0x2a43880 [0114.285] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x2229ec0 [0114.285] lstrlenA (lpString="ThunderRT6") returned 10 [0114.285] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0114.285] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ed, lpWindowName=0x0, dwStyle=0x44010000, X=576, Y=136, nWidth=0, nHeight=0, hWndParent=0x301f8, hMenu=0x3, hInstance=0x860000, lpParam=0x0) returned 0x30336 [0114.286] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0114.286] NtdllDefWindowProc_A (hWnd=0x30336, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0114.287] NtdllDefWindowProc_A (hWnd=0x30336, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0114.287] NtdllDefWindowProc_A (hWnd=0x30336, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x0 [0114.288] NtdllDefWindowProc_A (hWnd=0x30336, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0114.288] NtdllDefWindowProc_A (hWnd=0x30336, Msg=0x3, wParam=0x0, lParam=0x880240) returned 0x0 [0114.288] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xdc) returned 0x2a43968 [0114.288] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a0a0 [0114.289] CFont::Clone () returned 0x0 [0114.289] CFont::SetRatio () returned 0x0 [0114.289] lstrlenA (lpString="Unicorn") returned 7 [0114.289] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x8) returned 0x2a43a50 [0114.289] CFont::QueryInterface () returned 0x0 [0114.289] CFont::Load () returned 0x0 [0114.289] Release () returned 0x1 [0114.289] CFont::QueryInterface () returned 0x0 [0114.289] CFont::FindConnectionPoint () returned 0x0 [0114.289] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x14) returned 0x222a0c0 [0114.289] CNotifyCP::Advise () returned 0x0 [0114.289] CFont::get_hFont () returned 0x0 [0114.289] CFontEventsCP::Release () returned 0x0 [0114.290] Release () returned 0x1 [0114.290] GetClientRect (in: hWnd=0x301f8, lpRect=0x19fbe0 | out: lpRect=0x19fbe0) returned 1 [0114.290] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19fbe0, cPoints=0x2 | out: lpPoints=0x19fbe0) returned 0 [0114.290] EqualRect (lprc1=0x19fbe0, lprc2=0x19fbc0) returned 1 [0114.290] SetEvent (hEvent=0x1ac) returned 1 [0114.290] CPicture::get_hPal () returned 0x0 [0114.290] CPicture::AddRef () returned 0x2 [0114.290] CPicture::get_Type () returned 0x0 [0114.290] CPicture::get_CurDC () returned 0x0 [0114.290] CPicture::AddRef () returned 0x3 [0114.290] CPicture::Release () returned 0x2 [0114.290] CPicture::get_Type () returned 0x0 [0114.290] CPicture::QueryInterface () returned 0x0 [0114.290] CPicture::FindConnectionPoint () returned 0x0 [0114.290] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x10) returned 0x222b110 [0114.290] CNotifyCP::Advise () returned 0x0 [0114.290] Release () returned 0x2 [0114.290] InvalidateRect (hWnd=0x301f8, lpRect=0x0, bErase=1) returned 1 [0114.290] UpdateWindow (hWnd=0x301f8) returned 1 [0114.291] CPicture::Release () returned 0x1 [0114.291] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc5, wParam=0x0, lParam=0x0) returned 0x1 [0114.291] GetFocus () returned 0x0 [0114.291] IsIconic (hWnd=0x301f8) returned 0 [0114.291] IsZoomed (hWnd=0x301f8) returned 0 [0114.291] GetClientRect (in: hWnd=0x301f8, lpRect=0x19fbd4 | out: lpRect=0x19fbd4) returned 1 [0114.291] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0114.291] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0114.291] GetParent (hWnd=0x30378) returned 0x301f8 [0114.291] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0114.291] GetParent (hWnd=0x60346) returned 0x301f8 [0114.291] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0114.291] GetParent (hWnd=0x30336) returned 0x301f8 [0114.293] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f930 | out: lpRect=0x19f930) returned 1 [0114.293] OleTranslateColor () returned 0x0 [0114.293] OleTranslateColor () returned 0x0 [0114.293] OleTranslateColor () returned 0x0 [0114.293] OleTranslateColor () returned 0x0 [0114.294] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.294] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.294] CPicture::get_Type () returned 0x0 [0114.294] CPicture::get_Type () returned 0x0 [0114.294] CPicture::get_Width () returned 0x0 [0114.294] CPicture::get_Height () returned 0x0 [0114.294] CPicture::get_Attributes () returned 0x0 [0114.294] CPicture::Render () returned 0x0 [0114.295] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.295] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.295] GetClipBox (in: hdc=0xdb010907, lprect=0x19f950 | out: lprect=0x19f950) returned 1 [0114.295] OleTranslateColor () returned 0x0 [0114.295] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.295] SetErrorMode (uMode=0x8001) returned 0x8001 [0114.295] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0114.295] SetErrorMode (uMode=0x8001) returned 0x8001 [0114.295] GetProcAddress (hModule=0x77be0000, lpProcName="GetWindowLongA") returned 0x77c11db0 [0114.296] GetWindowLongA (hWnd=0x301f8, nIndex=-20) returned 0 [0114.296] GetLastError () returned 0x0 [0114.296] SetErrorMode (uMode=0x8001) returned 0x8001 [0114.296] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0114.296] SetErrorMode (uMode=0x8001) returned 0x8001 [0114.296] GetProcAddress (hModule=0x77be0000, lpProcName="SetWindowLongA") returned 0x77c051b0 [0114.296] SetWindowLongA (hWnd=0x301f8, nIndex=-20, dwNewLong=524288) returned 0 [0114.296] GetCapture () returned 0x0 [0114.296] GetCapture () returned 0x0 [0114.296] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x7c, wParam=0xffffffec, lParam=0x19f9fc) returned 0x0 [0114.298] GetCapture () returned 0x0 [0114.298] GetCapture () returned 0x0 [0114.298] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x7d, wParam=0xffffffec, lParam=0x19f9fc) returned 0x0 [0114.299] GetLastError () returned 0x0 [0114.299] SetErrorMode (uMode=0x8001) returned 0x8001 [0114.299] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0114.299] SetErrorMode (uMode=0x8001) returned 0x8001 [0114.299] GetProcAddress (hModule=0x77be0000, lpProcName="SetLayeredWindowAttributes") returned 0x77c1f010 [0114.299] SetLayeredWindowAttributes (hwnd=0x301f8, crKey=0xff78ff, bAlpha=0x32, dwFlags=0x2) returned 1 [0114.301] GetLastError () returned 0x0 [0114.301] GetCurrentThreadId () returned 0x17e4 [0114.301] GetWindow (hWnd=0x301f8, uCmd=0x4) returned 0x40330 [0114.301] IsIconic (hWnd=0x40330) returned 0 [0114.301] MonitorFromWindow (hwnd=0x301f8, dwFlags=0x2) returned 0x10001 [0114.301] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19fb28 | out: lpmi=0x19fb28) returned 1 [0114.301] GetWindowRect (in: hWnd=0x40330, lpRect=0x19fb50 | out: lpRect=0x19fb50) returned 1 [0114.303] SetWindowPos (hWnd=0x301f8, hWndInsertAfter=0x0, X=346, Y=110, cx=0, cy=0, uFlags=0x15) returned 1 [0114.304] GetCapture () returned 0x0 [0114.304] GetCapture () returned 0x0 [0114.304] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fad4) returned 0x0 [0114.305] GetCapture () returned 0x0 [0114.305] GetCapture () returned 0x0 [0114.305] GetParent (hWnd=0x301f8) returned 0x0 [0114.305] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f680 | out: lpRect=0x19f680) returned 1 [0114.306] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fad4) returned 0x0 [0114.306] GetCapture () returned 0x0 [0114.306] GetCapture () returned 0x0 [0114.306] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x3, wParam=0x0, lParam=0x6e015a) returned 0x0 [0114.306] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 100663296 [0114.306] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f6f0 | out: lpRect=0x19f6f0) returned 1 [0114.306] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f6f0, cPoints=0x2 | out: lpPoints=0x19f6f0) returned 7209306 [0114.306] ShowWindow (hWnd=0x301f8, nCmdShow=1) returned 0 [0114.306] GetCapture () returned 0x0 [0114.306] GetCapture () returned 0x0 [0114.306] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0114.307] GetCapture () returned 0x0 [0114.307] GetCapture () returned 0x0 [0114.307] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0114.313] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0114.320] GetCapture () returned 0x0 [0114.320] GetCapture () returned 0x0 [0114.320] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0114.329] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0114.330] GetWindowLongA (hWnd=0x40340, nIndex=0) returned 35790468 [0114.330] GetCapture () returned 0x0 [0114.330] GetCapture () returned 0x0 [0114.330] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0114.330] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0114.331] GetCapture () returned 0x0 [0114.331] GetCapture () returned 0x0 [0114.331] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0114.332] GetCapture () returned 0x0 [0114.332] GetCapture () returned 0x0 [0114.332] IsIconic (hWnd=0x301f8) returned 0 [0114.332] GetFocus () returned 0x0 [0114.333] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0114.333] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0114.333] IsWindowVisible (hWnd=0x60346) returned 1 [0114.333] IsWindowEnabled (hWnd=0x60346) returned 1 [0114.333] GetParent (hWnd=0x60346) returned 0x301f8 [0114.352] IsWindowEnabled (hWnd=0x301f8) returned 1 [0114.352] GetParent (hWnd=0x301f8) returned 0x0 [0114.352] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0114.352] GetFocus () returned 0x0 [0114.352] IsWindowEnabled (hWnd=0x60346) returned 1 [0114.352] GetWindowThreadProcessId (in: hWnd=0x60346, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x17e4 [0114.352] GetCurrentThreadId () returned 0x17e4 [0114.352] SetFocus (hWnd=0x60346) returned 0x0 [0114.487] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0114.533] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0114.533] GetFocus () returned 0x60346 [0114.534] GetCaretPos (in: lpPoint=0x19e7d8 | out: lpPoint=0x19e7d8) returned 1 [0114.534] GetFocus () returned 0x60346 [0114.534] GetCaretPos (in: lpPoint=0x19f018 | out: lpPoint=0x19f018) returned 1 [0114.534] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0114.535] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0114.535] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x282, wParam=0xf, lParam=0x30309) returned 0x0 [0114.536] GetFocus () returned 0x60346 [0114.536] GetCaretPos (in: lpPoint=0x19e318 | out: lpPoint=0x19e318) returned 1 [0114.537] GetFocus () returned 0x60346 [0114.537] GetCaretPos (in: lpPoint=0x19eeb8 | out: lpPoint=0x19eeb8) returned 1 [0114.538] GetCapture () returned 0x0 [0114.538] GetCapture () returned 0x0 [0114.538] IsWindow (hWnd=0x60346) returned 1 [0114.538] OleTranslateColor () returned 0x0 [0114.538] OleTranslateColor () returned 0x0 [0114.538] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0114.538] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0114.538] OleTranslateColor () returned 0x0 [0114.667] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0114.667] GetFocus () returned 0x60346 [0114.667] GetCaretPos (in: lpPoint=0x19ee00 | out: lpPoint=0x19ee00) returned 1 [0114.668] GetCapture () returned 0x0 [0114.668] GetCapture () returned 0x0 [0114.668] IsWindow (hWnd=0x60346) returned 1 [0114.668] IsWindow (hWnd=0x60346) returned 1 [0114.668] IsWindowEnabled (hWnd=0x301f8) returned 1 [0114.668] PostMessageA (hWnd=0x301f8, Msg=0x100e, wParam=0xa, lParam=0x0) returned 1 [0114.668] IsIconic (hWnd=0x301f8) returned 0 [0114.669] PostMessageA (hWnd=0x60346, Msg=0x100e, wParam=0x3, lParam=0x0) returned 1 [0114.669] GetFocus () returned 0x60346 [0114.669] GetCaretPos (in: lpPoint=0x19f4ac | out: lpPoint=0x19f4ac) returned 1 [0114.669] PostMessageA (hWnd=0x301f8, Msg=0x105a, wParam=0x0, lParam=0x0) returned 1 [0114.670] GetCapture () returned 0x0 [0114.670] GetCapture () returned 0x0 [0114.670] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0114.670] GetCapture () returned 0x0 [0114.670] GetCapture () returned 0x0 [0114.670] IsIconic (hWnd=0x301f8) returned 0 [0114.670] IsIconic (hWnd=0x301f8) returned 0 [0114.670] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0114.671] GetFocus () returned 0x60346 [0114.671] GetCaretPos (in: lpPoint=0x19f8d4 | out: lpPoint=0x19f8d4) returned 1 [0114.672] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x400108d1, lParam=0x0) returned 0x1 [0114.672] GetFocus () returned 0x60346 [0114.672] GetCaretPos (in: lpPoint=0x19f8d4 | out: lpPoint=0x19f8d4) returned 1 [0114.672] GetCapture () returned 0x0 [0114.672] GetCapture () returned 0x0 [0114.672] GetParent (hWnd=0x301f8) returned 0x0 [0114.672] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f6d0 | out: lpRect=0x19f6d0) returned 1 [0114.672] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fb24) returned 0x0 [0114.672] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0114.672] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f740 | out: lpRect=0x19f740) returned 1 [0114.672] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f740, cPoints=0x2 | out: lpPoints=0x19f740) returned 7209306 [0114.673] GetCapture () returned 0x0 [0114.673] GetCapture () returned 0x0 [0114.673] CPicture::get_Attributes () returned 0x0 [0114.673] IsWindowVisible (hWnd=0x301f8) returned 1 [0114.673] IsIconic (hWnd=0x301f8) returned 0 [0114.673] IsZoomed (hWnd=0x301f8) returned 0 [0114.673] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0114.673] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f71c | out: lpRect=0x19f71c) returned 1 [0114.673] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0114.673] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0114.673] GetParent (hWnd=0x30378) returned 0x301f8 [0114.673] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0114.673] GetParent (hWnd=0x60346) returned 0x301f8 [0114.673] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0114.673] GetParent (hWnd=0x30336) returned 0x301f8 [0114.674] GetCapture () returned 0x0 [0114.674] GetCapture () returned 0x0 [0114.674] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x3, wParam=0x0, lParam=0x6e015a) returned 0x0 [0114.674] GetCurrentThreadId () returned 0x17e4 [0114.674] PostThreadMessageA (idThread=0x17e4, Msg=0x1069, wParam=0x0, lParam=0x0) returned 1 [0114.674] GetCurrentProcessId () returned 0x17f8 [0114.674] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x18) returned 0x2229ee0 [0114.674] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xc) returned 0x222b050 [0114.674] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.675] IsWindow (hWnd=0x301f8) returned 1 [0114.675] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0114.675] IsIconic (hWnd=0x301f8) returned 0 [0114.675] GetParent (hWnd=0x301f8) returned 0x0 [0114.675] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.675] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0114.675] GetCapture () returned 0x0 [0114.675] GetCapture () returned 0x0 [0114.675] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.691] IsWindow (hWnd=0x60346) returned 1 [0114.691] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0114.691] IsIconic (hWnd=0x301f8) returned 0 [0114.691] GetParent (hWnd=0x60346) returned 0x301f8 [0114.691] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.691] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0114.691] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.691] IsWindow (hWnd=0x301f8) returned 1 [0114.691] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0114.691] IsIconic (hWnd=0x301f8) returned 0 [0114.691] GetParent (hWnd=0x301f8) returned 0x0 [0114.691] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.692] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0114.692] GetCapture () returned 0x0 [0114.692] GetCapture () returned 0x0 [0114.692] GetActiveWindow () returned 0x301f8 [0114.692] GetWindowThreadProcessId (in: hWnd=0x301f8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x17e4 [0114.692] GetFocus () returned 0x60346 [0114.693] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.693] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.693] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0114.693] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.694] IsWindow (hWnd=0x301f8) returned 1 [0114.694] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0114.694] IsIconic (hWnd=0x301f8) returned 0 [0114.694] GetParent (hWnd=0x301f8) returned 0x0 [0114.694] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.694] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0114.694] GetCapture () returned 0x0 [0114.694] GetCapture () returned 0x0 [0114.694] IsIconic (hWnd=0x301f8) returned 0 [0114.694] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0114.694] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0114.695] IsIconic (hWnd=0x301f8) returned 0 [0114.695] IsIconic (hWnd=0x301f8) returned 0 [0114.695] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0114.695] OleTranslateColor () returned 0x0 [0114.695] OleTranslateColor () returned 0x0 [0114.695] OleTranslateColor () returned 0x0 [0114.695] OleTranslateColor () returned 0x0 [0114.695] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.695] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.695] CPicture::get_Type () returned 0x0 [0114.695] CPicture::get_Type () returned 0x0 [0114.695] CPicture::get_Width () returned 0x0 [0114.696] CPicture::get_Height () returned 0x0 [0114.696] CPicture::get_Attributes () returned 0x0 [0114.696] CPicture::Render () returned 0x0 [0114.790] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.790] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0114.790] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0114.790] SaveDC (hdc=0xdb010907) returned 1 [0114.790] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0114.790] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0114.790] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0114.790] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0114.790] OleTranslateColor () returned 0x0 [0114.790] OleTranslateColor () returned 0x0 [0114.790] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0114.791] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0114.791] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0114.791] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0114.791] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0114.791] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0114.791] SaveDC (hdc=0xdb010907) returned 2 [0114.791] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0114.791] lstrlenA (lpString="Unicorn") returned 7 [0114.791] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0114.793] GetTextExtentPointA (in: hdc=0xdb010907, lpString="Unicorn", c=7, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0114.795] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="Unicorn", c=7) returned 1 [0114.795] GetTextExtentPointA (in: hdc=0xdb010907, lpString="Unicorn", c=7, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0114.795] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0114.795] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0114.795] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0114.796] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0114.796] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0114.796] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0114.796] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.797] IsWindow (hWnd=0x60346) returned 1 [0114.797] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0114.797] IsIconic (hWnd=0x301f8) returned 0 [0114.797] GetParent (hWnd=0x60346) returned 0x301f8 [0114.797] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.797] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0114.797] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0114.798] GetCapture () returned 0x0 [0114.798] GetCapture () returned 0x0 [0114.798] IsWindow (hWnd=0x60346) returned 1 [0114.798] OleTranslateColor () returned 0x0 [0114.798] OleTranslateColor () returned 0x0 [0114.798] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0114.798] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0114.798] OleTranslateColor () returned 0x0 [0114.799] GetCapture () returned 0x0 [0114.799] GetCapture () returned 0x0 [0114.799] IsWindow (hWnd=0x60346) returned 1 [0114.799] OleTranslateColor () returned 0x0 [0114.799] OleTranslateColor () returned 0x0 [0114.799] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0114.799] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0114.799] OleTranslateColor () returned 0x0 [0114.800] GetFocus () returned 0x60346 [0114.800] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0114.801] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0114.801] GetTickCount () returned 0x1cc50e1 [0114.801] GetTickCount () returned 0x1cc50e1 [0114.801] GetTickCount () returned 0x1cc50e1 [0114.801] CoFreeUnusedLibraries () [0114.801] GetTickCount () returned 0x1cc50e1 [0114.801] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0114.801] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0114.801] WaitMessage () returned 1 [0114.909] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0114.909] IsWindow (hWnd=0x3033c) returned 1 [0114.909] GetWindowLongA (hWnd=0x3033c, nIndex=-16) returned -1946157056 [0114.910] GetParent (hWnd=0x3033c) returned 0x4032e [0114.910] TranslateMessage (lpMsg=0x19fe40) returned 0 [0114.910] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0114.910] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0114.910] GetTickCount () returned 0x1cc514f [0114.910] GetTickCount () returned 0x1cc514f [0114.910] GetTickCount () returned 0x1cc514f [0114.910] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0114.910] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0114.910] WaitMessage () returned 1 [0115.318] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0115.318] IsWindow (hWnd=0x60346) returned 1 [0115.318] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0115.318] IsIconic (hWnd=0x301f8) returned 0 [0115.319] GetParent (hWnd=0x60346) returned 0x301f8 [0115.319] TranslateMessage (lpMsg=0x19fe40) returned 0 [0115.319] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0115.319] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0115.319] GetTickCount () returned 0x1cc52f4 [0115.319] GetTickCount () returned 0x1cc52f4 [0115.319] GetTickCount () returned 0x1cc52f4 [0115.320] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0115.320] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0115.320] WaitMessage () returned 1 [0115.850] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0115.850] IsWindow (hWnd=0x60346) returned 1 [0115.850] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0115.850] IsIconic (hWnd=0x301f8) returned 0 [0115.850] GetParent (hWnd=0x60346) returned 0x301f8 [0115.850] TranslateMessage (lpMsg=0x19fe40) returned 0 [0115.850] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0115.851] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0115.851] GetTickCount () returned 0x1cc5508 [0115.851] GetTickCount () returned 0x1cc5508 [0115.851] GetTickCount () returned 0x1cc5508 [0115.851] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0115.851] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0115.851] WaitMessage () returned 1 [0116.377] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0116.377] IsWindow (hWnd=0x60346) returned 1 [0116.377] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0116.377] IsIconic (hWnd=0x301f8) returned 0 [0116.377] GetParent (hWnd=0x60346) returned 0x301f8 [0116.377] TranslateMessage (lpMsg=0x19fe40) returned 0 [0116.377] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0116.378] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0116.378] GetTickCount () returned 0x1cc571b [0116.378] GetTickCount () returned 0x1cc571b [0116.378] GetTickCount () returned 0x1cc571b [0116.378] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0116.378] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0116.378] WaitMessage () returned 1 [0116.975] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0116.975] IsWindow (hWnd=0x60346) returned 1 [0116.975] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0116.975] IsIconic (hWnd=0x301f8) returned 0 [0116.975] GetParent (hWnd=0x60346) returned 0x301f8 [0116.976] TranslateMessage (lpMsg=0x19fe40) returned 0 [0116.976] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0116.976] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0116.976] GetTickCount () returned 0x1cc596d [0116.976] GetTickCount () returned 0x1cc596d [0116.976] GetTickCount () returned 0x1cc596d [0116.976] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0116.976] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0116.976] WaitMessage () returned 1 [0117.285] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0117.285] IsWindow (hWnd=0x30336) returned 1 [0117.285] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0117.285] IsIconic (hWnd=0x301f8) returned 0 [0117.285] GetParent (hWnd=0x30336) returned 0x301f8 [0117.285] TranslateMessage (lpMsg=0x19fe40) returned 0 [0117.285] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0117.286] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0117.286] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0xa, wMilliseconds=0x388)) [0117.288] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0xfc) returned 0x2a43a60 [0117.288] GetCurrentThreadId () returned 0x17e4 [0117.288] GetCurrentThreadId () returned 0x17e4 [0117.288] GetCurrentThreadId () returned 0x17e4 [0117.288] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xf) returned 0x222b0e0 [0117.288] SetWindowTextA (hWnd=0x40330, lpString="Kawaii-Unicorn") returned 1 [0117.288] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0xc, wParam=0x0, lParam=0x222b0e0) returned 0x1 [0117.290] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1) returned 0x2a43b68 [0117.290] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xf) returned 0x222b200 [0117.290] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xf) returned 0x222b038 [0117.290] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x8, Size=0x15) returned 0x222a160 [0117.290] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0117.292] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0117.292] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0117.292] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0117.293] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0117.293] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0117.294] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43be8 [0117.294] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0117.296] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0117.296] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0117.297] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0117.297] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0117.297] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0117.299] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0117.299] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 0x2c [0117.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cchWideChar=45, lpMultiByteStr=0x5c92ac, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpUsedDefaultChar=0x0) returned 45 [0117.299] lstrcmpA (lpString1="Unicorn", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 1 [0117.300] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0117.300] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0117.300] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0117.300] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0117.300] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0117.300] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0117.300] GetFocus () returned 0x60346 [0117.301] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0117.301] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0117.301] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0117.301] GetFocus () returned 0x60346 [0117.301] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0117.301] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0117.301] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=2 | out: lpWideCharStr="0") returned 2 [0117.301] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0117.301] GetUserDefaultLCID () returned 0x409 [0117.301] VarR8FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0117.301] GetUserDefaultLCID () returned 0x409 [0117.301] VarBstrFromR8 (in: dblIn=0x0, lcid=0x3ff00000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0117.301] SysStringLen (param_1="1") returned 0x1 [0117.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=2, lpMultiByteStr=0x5c94bc, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1", lpUsedDefaultChar=0x0) returned 2 [0117.302] SetWindowTextA (hWnd=0x60346, lpString="1") returned 1 [0117.302] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0117.302] GetFocus () returned 0x60346 [0117.302] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0117.302] lstrlenA (lpString="1") returned 1 [0117.302] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0117.302] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="0") returned 1 [0117.302] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0117.302] GetFocus () returned 0x60346 [0117.302] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0117.302] lstrcmpA (lpString1="0", lpString2="1") returned -1 [0117.302] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0117.302] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5c94bc) returned 0x1 [0117.303] GetCapture () returned 0x0 [0117.303] GetCapture () returned 0x0 [0117.303] IsWindow (hWnd=0x60346) returned 1 [0117.303] IsWindow (hWnd=0x60346) returned 1 [0117.303] GetCapture () returned 0x0 [0117.303] GetCapture () returned 0x0 [0117.303] IsWindow (hWnd=0x60346) returned 1 [0117.303] IsWindow (hWnd=0x60346) returned 1 [0117.303] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0xa, wMilliseconds=0x397)) [0117.303] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0117.303] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0117.303] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0117.303] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0117.303] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0117.304] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0117.305] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0117.305] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0117.306] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0117.306] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0117.306] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0117.306] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0117.306] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0117.306] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0117.306] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0117.306] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0117.306] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0117.306] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0117.307] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0117.308] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0117.308] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0117.308] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0117.308] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0117.308] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0117.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0117.309] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0117.310] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.311] GetLastError () returned 0x20 [0117.311] GetLastError () returned 0x20 [0117.311] SetLastError (dwErrCode=0x20) [0117.311] GetLastError () returned 0x20 [0117.312] SetLastError (dwErrCode=0x20) [0117.312] GetLastError () returned 0x20 [0117.312] SetLastError (dwErrCode=0x20) [0117.312] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.312] GetLastError () returned 0x20 [0117.312] GetLastError () returned 0x20 [0117.312] SetLastError (dwErrCode=0x20) [0117.312] GetLastError () returned 0x20 [0117.312] SetLastError (dwErrCode=0x20) [0117.312] GetLastError () returned 0x20 [0117.312] SetLastError (dwErrCode=0x20) [0117.312] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0117.313] GetFileType (hFile=0x254) returned 0x1 [0117.313] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0117.313] IMalloc:Realloc (This=0x7627fec4, pv=0x0, cb=0x60) returned 0x5cda08 [0117.313] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0117.313] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0117.313] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0117.314] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0117.322] ReadFile (in: hFile=0x254, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0117.367] CloseHandle (hObject=0x254) returned 1 [0117.368] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0117.368] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0117.368] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0117.368] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0117.368] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0117.368] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0117.368] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cbMultiByte=-1, lpWideCharStr=0x5c92ac, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 45 [0117.369] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0117.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpUsedDefaultChar=0x0) returned 45 [0117.369] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpFilePart=0x19e9fc*="Unicorn-44780.exe") returned 0x2c [0117.369] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0117.370] GetFileType (hFile=0x254) returned 0x1 [0117.370] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0117.371] WriteFile (in: hFile=0x254, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0117.392] CloseHandle (hObject=0x254) returned 1 [0117.581] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0117.581] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0117.581] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0117.581] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0117.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0117.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cbMultiByte=-1, lpWideCharStr=0x5c92ac, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 45 [0117.582] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0117.583] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x1524, dwThreadId=0x15c8)) returned 1 [0118.312] GetLastError () returned 0x715 [0118.312] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x0 [0124.515] CloseHandle (hObject=0x254) returned 1 [0124.515] CloseHandle (hObject=0x258) returned 1 [0124.516] SafeArrayDestroyDescriptor (psa=0x5c3ef8) returned 0x0 [0124.517] GetFocus () returned 0x60346 [0124.517] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0124.517] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0124.518] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.522] GetCapture () returned 0x0 [0124.522] GetCapture () returned 0x0 [0124.522] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.523] GetCapture () returned 0x0 [0124.523] GetCapture () returned 0x0 [0124.523] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0124.524] GetCapture () returned 0x0 [0124.524] GetCapture () returned 0x0 [0124.524] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x3040961, lParam=0x0) returned 0x0 [0124.524] GetCapture () returned 0x0 [0124.524] GetCapture () returned 0x0 [0124.524] IsIconic (hWnd=0x301f8) returned 0 [0124.524] IsIconic (hWnd=0x301f8) returned 0 [0124.525] GetCapture () returned 0x0 [0124.525] GetCapture () returned 0x0 [0124.525] GetParent (hWnd=0x301f8) returned 0x0 [0124.525] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0124.525] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.525] GetCapture () returned 0x0 [0124.525] GetCapture () returned 0x0 [0124.525] CPicture::get_Attributes () returned 0x0 [0124.525] IsWindowVisible (hWnd=0x301f8) returned 1 [0124.525] IsIconic (hWnd=0x301f8) returned 0 [0124.525] IsZoomed (hWnd=0x301f8) returned 0 [0124.525] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0124.525] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0124.525] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0124.525] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0124.525] GetParent (hWnd=0x30378) returned 0x301f8 [0124.525] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0124.525] GetParent (hWnd=0x60346) returned 0x301f8 [0124.526] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0124.526] GetParent (hWnd=0x30336) returned 0x301f8 [0124.526] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0124.526] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0124.526] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0124.554] GetCapture () returned 0x0 [0124.554] GetCapture () returned 0x0 [0124.554] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.554] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.554] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0124.555] GetCapture () returned 0x0 [0124.555] GetCapture () returned 0x0 [0124.555] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0124.555] GetCapture () returned 0x0 [0124.555] GetCapture () returned 0x0 [0124.555] IsIconic (hWnd=0x301f8) returned 0 [0124.555] IsIconic (hWnd=0x301f8) returned 0 [0124.555] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0124.556] GetFocus () returned 0x60346 [0124.556] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0124.556] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x400108d1, lParam=0x0) returned 0x1 [0124.556] GetFocus () returned 0x60346 [0124.556] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0124.557] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0124.557] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0124.571] IsWindow (hWnd=0x301f8) returned 1 [0124.571] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0124.571] IsIconic (hWnd=0x301f8) returned 0 [0124.571] GetParent (hWnd=0x301f8) returned 0x0 [0124.571] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.571] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0124.571] GetCapture () returned 0x0 [0124.571] GetCapture () returned 0x0 [0124.571] IsIconic (hWnd=0x301f8) returned 0 [0124.571] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0124.572] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0124.572] IsIconic (hWnd=0x301f8) returned 0 [0124.572] IsIconic (hWnd=0x301f8) returned 0 [0124.572] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0124.572] OleTranslateColor () returned 0x0 [0124.572] OleTranslateColor () returned 0x0 [0124.572] OleTranslateColor () returned 0x0 [0124.572] OleTranslateColor () returned 0x0 [0124.572] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0124.572] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0124.572] CPicture::get_Type () returned 0x0 [0124.572] CPicture::get_Type () returned 0x0 [0124.572] CPicture::get_Width () returned 0x0 [0124.572] CPicture::get_Height () returned 0x0 [0124.572] CPicture::get_Attributes () returned 0x0 [0124.572] CPicture::Render () returned 0x0 [0124.584] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0124.584] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0124.584] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0124.584] SaveDC (hdc=0xdb010907) returned 1 [0124.584] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0124.584] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0124.584] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0124.584] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0124.584] OleTranslateColor () returned 0x0 [0124.584] OleTranslateColor () returned 0x0 [0124.584] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0124.584] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0124.584] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0124.584] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0124.584] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0124.584] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0124.584] SaveDC (hdc=0xdb010907) returned 2 [0124.584] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0124.584] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0124.584] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0124.587] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0124.587] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", c=44) returned 1 [0124.587] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0124.587] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0124.590] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0124.590] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0124.590] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0124.590] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0124.590] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0124.590] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.590] IsWindow (hWnd=0x60346) returned 1 [0124.590] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0124.590] IsIconic (hWnd=0x301f8) returned 0 [0124.590] GetParent (hWnd=0x60346) returned 0x301f8 [0124.591] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.591] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0124.591] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0124.591] GetCapture () returned 0x0 [0124.591] GetCapture () returned 0x0 [0124.591] IsWindow (hWnd=0x60346) returned 1 [0124.591] OleTranslateColor () returned 0x0 [0124.591] OleTranslateColor () returned 0x0 [0124.591] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0124.591] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0124.591] OleTranslateColor () returned 0x0 [0124.591] GetCapture () returned 0x0 [0124.591] GetCapture () returned 0x0 [0124.591] IsWindow (hWnd=0x60346) returned 1 [0124.591] OleTranslateColor () returned 0x0 [0124.591] OleTranslateColor () returned 0x0 [0124.591] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0124.591] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0124.591] OleTranslateColor () returned 0x0 [0124.592] GetFocus () returned 0x60346 [0124.592] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0124.592] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.593] IsWindow (hWnd=0x30378) returned 1 [0124.593] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0124.593] IsIconic (hWnd=0x301f8) returned 0 [0124.593] GetParent (hWnd=0x30378) returned 0x301f8 [0124.593] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.593] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0124.593] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0124.593] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0124.593] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0124.593] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0124.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0124.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0124.594] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0124.594] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0124.594] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0124.595] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0124.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0124.595] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0124.595] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0124.595] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0124.595] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0124.595] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0124.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0124.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0124.595] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0124.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0124.595] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0124.596] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0124.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0124.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0124.596] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0124.597] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0124.597] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5c94bc, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0124.597] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0124.598] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0124.598] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0124.598] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0124.598] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0124.599] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0124.599] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0124.599] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0124.599] GetTickCount () returned 0x1cc7726 [0124.599] GetTickCount () returned 0x1cc7726 [0124.599] GetTickCount () returned 0x1cc7726 [0124.599] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0124.599] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0124.599] WaitMessage () returned 1 [0125.123] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0125.123] IsWindow (hWnd=0x60346) returned 1 [0125.123] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0125.123] IsIconic (hWnd=0x301f8) returned 0 [0125.123] GetParent (hWnd=0x60346) returned 0x301f8 [0125.123] TranslateMessage (lpMsg=0x19fe40) returned 0 [0125.123] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0125.123] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0125.123] GetTickCount () returned 0x1cc7939 [0125.123] GetTickCount () returned 0x1cc7939 [0125.123] GetTickCount () returned 0x1cc7939 [0125.123] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0125.124] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0125.124] WaitMessage () returned 1 [0125.656] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0125.656] IsWindow (hWnd=0x60346) returned 1 [0125.656] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0125.657] IsIconic (hWnd=0x301f8) returned 0 [0125.657] GetParent (hWnd=0x60346) returned 0x301f8 [0125.657] TranslateMessage (lpMsg=0x19fe40) returned 0 [0125.657] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0125.657] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0125.657] GetTickCount () returned 0x1cc7b4d [0125.657] GetTickCount () returned 0x1cc7b4d [0125.657] GetTickCount () returned 0x1cc7b4d [0125.657] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0125.657] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0125.657] WaitMessage () returned 1 [0126.175] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0126.175] IsWindow (hWnd=0x60346) returned 1 [0126.175] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0126.175] IsIconic (hWnd=0x301f8) returned 0 [0126.175] GetParent (hWnd=0x60346) returned 0x301f8 [0126.176] TranslateMessage (lpMsg=0x19fe40) returned 0 [0126.176] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0126.176] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0126.176] GetTickCount () returned 0x1cc7d60 [0126.176] GetTickCount () returned 0x1cc7d60 [0126.176] GetTickCount () returned 0x1cc7d60 [0126.176] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0126.176] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0126.176] WaitMessage () returned 1 [0126.701] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0126.701] IsWindow (hWnd=0x60346) returned 1 [0126.701] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0126.701] IsIconic (hWnd=0x301f8) returned 0 [0126.701] GetParent (hWnd=0x60346) returned 0x301f8 [0126.701] TranslateMessage (lpMsg=0x19fe40) returned 0 [0126.701] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0126.702] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0126.702] GetTickCount () returned 0x1cc7f73 [0126.702] GetTickCount () returned 0x1cc7f73 [0126.702] GetTickCount () returned 0x1cc7f73 [0126.702] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0126.702] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0126.702] WaitMessage () returned 1 [0127.254] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0127.255] IsWindow (hWnd=0x60346) returned 1 [0127.255] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0127.255] IsIconic (hWnd=0x301f8) returned 0 [0127.255] GetParent (hWnd=0x60346) returned 0x301f8 [0127.255] TranslateMessage (lpMsg=0x19fe40) returned 0 [0127.255] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0127.255] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0127.256] GetTickCount () returned 0x1cc8196 [0127.256] GetTickCount () returned 0x1cc8196 [0127.256] GetTickCount () returned 0x1cc8196 [0127.256] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0127.256] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0127.256] WaitMessage () returned 1 [0127.524] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0127.524] IsWindow (hWnd=0x30336) returned 1 [0127.524] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0127.524] IsIconic (hWnd=0x301f8) returned 0 [0127.524] GetParent (hWnd=0x30336) returned 0x301f8 [0127.524] TranslateMessage (lpMsg=0x19fe40) returned 0 [0127.524] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0127.525] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0127.525] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x15, wMilliseconds=0x83)) [0127.526] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0127.527] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0127.527] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0127.527] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0127.527] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0127.528] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0127.528] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0127.528] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0127.529] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0127.529] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0127.529] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0127.529] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0127.529] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0127.529] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0127.529] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 0x2b [0127.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", cchWideChar=44, lpMultiByteStr=0x5c9244, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", lpUsedDefaultChar=0x0) returned 44 [0127.529] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned -1 [0127.530] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 43 [0127.530] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c) returned 0x2a43bb0 [0127.530] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0127.530] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0127.530] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0127.531] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0127.531] GetFocus () returned 0x60346 [0127.531] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0127.531] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0127.531] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0127.531] GetFocus () returned 0x60346 [0127.531] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0127.531] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0127.531] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="1", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=2 | out: lpWideCharStr="1") returned 2 [0127.531] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0127.532] GetUserDefaultLCID () returned 0x409 [0127.532] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0127.532] GetUserDefaultLCID () returned 0x409 [0127.532] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40000000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0127.532] SysStringLen (param_1="2") returned 0x1 [0127.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="2", cchWideChar=2, lpMultiByteStr=0x5a9f94, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2", lpUsedDefaultChar=0x0) returned 2 [0127.532] SetWindowTextA (hWnd=0x60346, lpString="2") returned 1 [0127.532] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0127.532] GetFocus () returned 0x60346 [0127.532] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0127.532] lstrlenA (lpString="2") returned 1 [0127.532] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0127.532] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="1") returned 1 [0127.532] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0127.532] GetFocus () returned 0x60346 [0127.532] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0127.533] lstrcmpA (lpString1="1", lpString2="2") returned -1 [0127.533] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0127.533] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9f94) returned 0x1 [0127.533] GetCapture () returned 0x0 [0127.533] GetCapture () returned 0x0 [0127.533] IsWindow (hWnd=0x60346) returned 1 [0127.533] IsWindow (hWnd=0x60346) returned 1 [0127.534] GetCapture () returned 0x0 [0127.534] GetCapture () returned 0x0 [0127.534] IsWindow (hWnd=0x60346) returned 1 [0127.534] IsWindow (hWnd=0x60346) returned 1 [0127.534] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x15, wMilliseconds=0x93)) [0127.534] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0127.534] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0127.534] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0127.534] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0127.534] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0127.534] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0127.534] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0127.535] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0127.536] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0127.536] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0127.536] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0127.536] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0127.536] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0127.536] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0127.536] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0127.536] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0127.536] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0127.536] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0127.536] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0127.537] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0127.537] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0127.537] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0127.537] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0127.537] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0127.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0127.537] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0127.538] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0127.539] GetLastError () returned 0x20 [0127.539] GetLastError () returned 0x20 [0127.539] SetLastError (dwErrCode=0x20) [0127.539] GetLastError () returned 0x20 [0127.539] SetLastError (dwErrCode=0x20) [0127.539] GetLastError () returned 0x20 [0127.539] SetLastError (dwErrCode=0x20) [0127.539] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0127.539] GetLastError () returned 0x20 [0127.539] GetLastError () returned 0x20 [0127.540] SetLastError (dwErrCode=0x20) [0127.540] GetLastError () returned 0x20 [0127.540] SetLastError (dwErrCode=0x20) [0127.540] GetLastError () returned 0x20 [0127.540] SetLastError (dwErrCode=0x20) [0127.540] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0127.540] GetFileType (hFile=0x258) returned 0x1 [0127.540] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0127.541] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.541] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0127.541] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.541] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0127.544] ReadFile (in: hFile=0x258, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0127.562] CloseHandle (hObject=0x258) returned 1 [0127.562] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0127.562] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0127.562] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 43 [0127.562] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c) returned 0x2a43b78 [0127.562] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 43 [0127.562] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0127.562] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", cbMultiByte=-1, lpWideCharStr=0x5c9244, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 44 [0127.563] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0127.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", lpUsedDefaultChar=0x0) returned 44 [0127.563] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", lpFilePart=0x19e9fc*="Unicorn-7945.exe") returned 0x2b [0127.564] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-7945.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0127.565] GetFileType (hFile=0x258) returned 0x1 [0127.565] IMalloc:Alloc (This=0x7627fec4, cb=0x68) returned 0x5cd990 [0127.565] WriteFile (in: hFile=0x258, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0127.582] CloseHandle (hObject=0x258) returned 1 [0127.917] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0127.918] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 43 [0127.918] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c) returned 0x2a43b78 [0127.918] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 43 [0127.918] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0127.918] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", cbMultiByte=-1, lpWideCharStr=0x5c9244, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 44 [0127.919] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0127.919] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", lpProcessInformation=0x19ec44*(hProcess=0x254, hThread=0x258, dwProcessId=0x1428, dwThreadId=0x14b8)) returned 1 [0128.234] GetLastError () returned 0x715 [0128.234] WaitForInputIdle (hProcess=0x254, dwMilliseconds=0x2710) returned 0x0 [0139.467] CloseHandle (hObject=0x258) returned 1 [0139.467] CloseHandle (hObject=0x254) returned 1 [0139.468] SafeArrayDestroyDescriptor (psa=0x5c3b68) returned 0x0 [0139.468] GetFocus () returned 0x60346 [0139.468] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0139.469] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0139.469] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0139.514] GetCapture () returned 0x0 [0139.514] GetCapture () returned 0x0 [0139.514] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0139.515] GetCapture () returned 0x0 [0139.515] GetCapture () returned 0x0 [0139.515] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0139.516] GetCapture () returned 0x0 [0139.516] GetCapture () returned 0x0 [0139.516] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x8040a34, lParam=0x0) returned 0x0 [0139.516] GetCapture () returned 0x0 [0139.516] GetCapture () returned 0x0 [0139.517] IsIconic (hWnd=0x301f8) returned 0 [0139.517] IsIconic (hWnd=0x301f8) returned 0 [0139.517] GetCapture () returned 0x0 [0139.517] GetCapture () returned 0x0 [0139.517] GetParent (hWnd=0x301f8) returned 0x0 [0139.517] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0139.517] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0139.517] GetCapture () returned 0x0 [0139.517] GetCapture () returned 0x0 [0139.517] CPicture::get_Attributes () returned 0x0 [0139.517] IsWindowVisible (hWnd=0x301f8) returned 1 [0139.517] IsIconic (hWnd=0x301f8) returned 0 [0139.517] IsZoomed (hWnd=0x301f8) returned 0 [0139.517] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0139.517] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0139.517] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0139.517] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0139.517] GetParent (hWnd=0x30378) returned 0x301f8 [0139.547] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0139.547] GetParent (hWnd=0x60346) returned 0x301f8 [0139.547] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0139.547] GetParent (hWnd=0x30336) returned 0x301f8 [0139.547] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0139.547] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0139.547] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0139.559] GetCapture () returned 0x0 [0139.559] GetCapture () returned 0x0 [0139.559] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0139.559] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0139.559] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0139.561] GetCapture () returned 0x0 [0139.561] GetCapture () returned 0x0 [0139.561] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0139.561] GetCapture () returned 0x0 [0139.561] GetCapture () returned 0x0 [0139.561] IsIconic (hWnd=0x301f8) returned 0 [0139.561] IsIconic (hWnd=0x301f8) returned 0 [0139.561] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0139.562] GetFocus () returned 0x60346 [0139.562] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0139.562] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x3010a55, lParam=0x0) returned 0x1 [0139.562] GetFocus () returned 0x60346 [0139.562] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0139.563] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0139.563] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0139.566] IsWindow (hWnd=0x301f8) returned 1 [0139.566] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0139.567] IsIconic (hWnd=0x301f8) returned 0 [0139.567] GetParent (hWnd=0x301f8) returned 0x0 [0139.567] TranslateMessage (lpMsg=0x19fe40) returned 0 [0139.567] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0139.567] GetCapture () returned 0x0 [0139.567] GetCapture () returned 0x0 [0139.567] IsIconic (hWnd=0x301f8) returned 0 [0139.567] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0139.567] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0139.567] IsIconic (hWnd=0x301f8) returned 0 [0139.567] IsIconic (hWnd=0x301f8) returned 0 [0139.567] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0139.567] OleTranslateColor () returned 0x0 [0139.567] OleTranslateColor () returned 0x0 [0139.567] OleTranslateColor () returned 0x0 [0139.567] OleTranslateColor () returned 0x0 [0139.568] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0139.568] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0139.568] CPicture::get_Type () returned 0x0 [0139.568] CPicture::get_Type () returned 0x0 [0139.568] CPicture::get_Width () returned 0x0 [0139.568] CPicture::get_Height () returned 0x0 [0139.568] CPicture::get_Attributes () returned 0x0 [0139.568] CPicture::Render () returned 0x0 [0139.575] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0139.575] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0139.575] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0139.575] SaveDC (hdc=0xdb010907) returned 1 [0139.575] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0139.575] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0139.575] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0139.575] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0139.575] OleTranslateColor () returned 0x0 [0139.575] OleTranslateColor () returned 0x0 [0139.575] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0139.575] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0139.575] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0139.575] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0139.575] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0139.575] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0139.575] SaveDC (hdc=0xdb010907) returned 2 [0139.575] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0139.576] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe") returned 43 [0139.576] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0139.576] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0139.576] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", c=43) returned 1 [0139.576] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0139.576] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0139.576] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0139.576] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0139.576] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0139.576] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0139.576] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0139.577] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0139.577] IsWindow (hWnd=0x60346) returned 1 [0139.577] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0139.577] IsIconic (hWnd=0x301f8) returned 0 [0139.577] GetParent (hWnd=0x60346) returned 0x301f8 [0139.577] TranslateMessage (lpMsg=0x19fe40) returned 0 [0139.577] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0139.577] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0139.578] GetCapture () returned 0x0 [0139.578] GetCapture () returned 0x0 [0139.578] IsWindow (hWnd=0x60346) returned 1 [0139.578] OleTranslateColor () returned 0x0 [0139.578] OleTranslateColor () returned 0x0 [0139.578] SetTextColor (hdc=0x3010a55, color=0x0) returned 0x0 [0139.578] SetBkColor (hdc=0x3010a55, color=0xffffff) returned 0xffffff [0139.578] OleTranslateColor () returned 0x0 [0139.578] GetCapture () returned 0x0 [0139.578] GetCapture () returned 0x0 [0139.578] IsWindow (hWnd=0x60346) returned 1 [0139.578] OleTranslateColor () returned 0x0 [0139.578] OleTranslateColor () returned 0x0 [0139.578] SetTextColor (hdc=0x3010a55, color=0x0) returned 0x0 [0139.578] SetBkColor (hdc=0x3010a55, color=0xffffff) returned 0xffffff [0139.578] OleTranslateColor () returned 0x0 [0139.579] GetFocus () returned 0x60346 [0139.579] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0139.579] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0139.579] IsWindow (hWnd=0x30378) returned 1 [0139.580] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0139.580] IsIconic (hWnd=0x301f8) returned 0 [0139.580] GetParent (hWnd=0x30378) returned 0x301f8 [0139.580] TranslateMessage (lpMsg=0x19fe40) returned 0 [0139.580] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0139.580] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0139.584] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0139.584] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.584] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0139.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0139.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0139.584] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.584] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0139.584] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0139.585] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0139.585] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0139.585] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0139.585] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0139.585] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0139.585] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.585] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0139.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0139.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0139.585] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.585] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0139.585] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0139.586] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0139.586] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0139.586] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0139.586] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0139.587] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0139.587] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0139.587] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0139.587] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0139.588] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0139.588] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0139.588] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0139.588] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0139.588] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0139.589] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0139.589] IsWindow (hWnd=0x30336) returned 1 [0139.589] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0139.589] IsIconic (hWnd=0x301f8) returned 0 [0139.589] GetParent (hWnd=0x30336) returned 0x301f8 [0139.589] TranslateMessage (lpMsg=0x19fe40) returned 0 [0139.589] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0139.589] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0139.589] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x21, wMilliseconds=0xc9)) [0139.590] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0139.590] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.590] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0139.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0139.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0139.590] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.590] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0139.590] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0139.591] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0139.591] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0139.591] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0139.591] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0139.591] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0139.591] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0139.591] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 0x2b [0139.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", cchWideChar=44, lpMultiByteStr=0x5c91dc, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", lpUsedDefaultChar=0x0) returned 44 [0139.591] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7945.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 1 [0139.591] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 43 [0139.591] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c) returned 0x2a43b78 [0139.592] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0139.592] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0139.592] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0139.592] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0139.592] GetFocus () returned 0x60346 [0139.592] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0139.592] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0139.592] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0139.592] GetFocus () returned 0x60346 [0139.592] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0139.592] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="2", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0139.593] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="2", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=2 | out: lpWideCharStr="2") returned 2 [0139.593] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0139.593] GetUserDefaultLCID () returned 0x409 [0139.593] VarR8FromStr (in: strIn="2", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0139.593] GetUserDefaultLCID () returned 0x409 [0139.593] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40080000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0139.593] SysStringLen (param_1="3") returned 0x1 [0139.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="3", cchWideChar=2, lpMultiByteStr=0x5a9cc4, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3", lpUsedDefaultChar=0x0) returned 2 [0139.593] SetWindowTextA (hWnd=0x60346, lpString="3") returned 1 [0139.593] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0139.593] GetFocus () returned 0x60346 [0139.593] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0139.593] lstrlenA (lpString="3") returned 1 [0139.593] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0139.593] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="2") returned 1 [0139.593] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0139.593] GetFocus () returned 0x60346 [0139.593] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0139.594] lstrcmpA (lpString1="2", lpString2="3") returned -1 [0139.594] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0139.594] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9cc4) returned 0x1 [0139.594] GetCapture () returned 0x0 [0139.594] GetCapture () returned 0x0 [0139.594] IsWindow (hWnd=0x60346) returned 1 [0139.594] IsWindow (hWnd=0x60346) returned 1 [0139.594] GetCapture () returned 0x0 [0139.594] GetCapture () returned 0x0 [0139.594] IsWindow (hWnd=0x60346) returned 1 [0139.594] IsWindow (hWnd=0x60346) returned 1 [0139.594] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x21, wMilliseconds=0xc9)) [0139.595] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0139.595] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.595] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0139.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0139.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0139.595] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0139.595] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0139.595] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0139.595] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0139.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0139.596] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0139.596] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0139.596] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0140.189] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0140.189] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0140.189] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0140.189] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0140.189] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0140.189] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0140.190] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0140.238] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0140.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0140.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0140.238] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0140.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0140.238] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0140.238] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.239] GetLastError () returned 0x20 [0140.239] GetLastError () returned 0x20 [0140.239] SetLastError (dwErrCode=0x20) [0140.239] GetLastError () returned 0x20 [0140.239] SetLastError (dwErrCode=0x20) [0140.239] GetLastError () returned 0x20 [0140.239] SetLastError (dwErrCode=0x20) [0140.239] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0140.239] GetLastError () returned 0x20 [0140.239] GetLastError () returned 0x20 [0140.239] SetLastError (dwErrCode=0x20) [0140.239] GetLastError () returned 0x20 [0140.239] SetLastError (dwErrCode=0x20) [0140.239] GetLastError () returned 0x20 [0140.240] SetLastError (dwErrCode=0x20) [0140.240] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0140.240] GetFileType (hFile=0x254) returned 0x1 [0140.240] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0140.240] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0140.240] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0140.240] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0140.240] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0140.242] ReadFile (in: hFile=0x254, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0140.259] CloseHandle (hObject=0x254) returned 1 [0140.260] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0140.260] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0140.260] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 43 [0140.260] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c) returned 0x2a43bb0 [0140.260] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 43 [0140.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0140.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", cbMultiByte=-1, lpWideCharStr=0x5c91dc, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 44 [0140.261] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0140.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", lpUsedDefaultChar=0x0) returned 44 [0140.261] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", lpFilePart=0x19e9fc*="Unicorn-7332.exe") returned 0x2b [0140.261] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-7332.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0140.262] GetFileType (hFile=0x254) returned 0x1 [0140.263] IMalloc:Alloc (This=0x7627fec4, cb=0x68) returned 0x5cd990 [0140.263] WriteFile (in: hFile=0x254, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0140.922] CloseHandle (hObject=0x254) returned 1 [0141.270] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0141.270] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 43 [0141.270] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2c) returned 0x2a43bb0 [0141.270] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 43 [0141.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0141.271] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", cbMultiByte=-1, lpWideCharStr=0x5c91dc, cchWideChar=44 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 44 [0141.271] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0141.271] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x1498, dwThreadId=0x1490)) returned 1 [0141.990] GetLastError () returned 0x715 [0141.990] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x102 [0155.994] CloseHandle (hObject=0x254) returned 1 [0155.994] CloseHandle (hObject=0x258) returned 1 [0155.995] SafeArrayDestroyDescriptor (psa=0x5c3a48) returned 0x0 [0155.996] GetFocus () returned 0x60346 [0155.996] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0155.996] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0155.997] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0156.003] GetCapture () returned 0x0 [0156.003] GetCapture () returned 0x0 [0156.003] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0156.003] GetCapture () returned 0x0 [0156.003] GetCapture () returned 0x0 [0156.003] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0156.006] GetCapture () returned 0x0 [0156.006] GetCapture () returned 0x0 [0156.006] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x3040ae4, lParam=0x0) returned 0x0 [0156.007] GetCapture () returned 0x0 [0156.007] GetCapture () returned 0x0 [0156.007] IsIconic (hWnd=0x301f8) returned 0 [0156.007] IsIconic (hWnd=0x301f8) returned 0 [0156.007] GetCapture () returned 0x0 [0156.008] GetCapture () returned 0x0 [0156.008] GetParent (hWnd=0x301f8) returned 0x0 [0156.008] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0156.008] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0156.008] GetCapture () returned 0x0 [0156.008] GetCapture () returned 0x0 [0156.008] CPicture::get_Attributes () returned 0x0 [0156.008] IsWindowVisible (hWnd=0x301f8) returned 1 [0156.008] IsIconic (hWnd=0x301f8) returned 0 [0156.008] IsZoomed (hWnd=0x301f8) returned 0 [0156.008] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0156.008] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0156.008] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0156.008] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0156.008] GetParent (hWnd=0x30378) returned 0x301f8 [0156.008] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0156.008] GetParent (hWnd=0x60346) returned 0x301f8 [0156.009] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0156.009] GetParent (hWnd=0x30336) returned 0x301f8 [0156.009] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0156.009] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0156.009] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0156.016] GetCapture () returned 0x0 [0156.016] GetCapture () returned 0x0 [0156.016] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0156.016] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0156.016] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0156.017] GetCapture () returned 0x0 [0156.017] GetCapture () returned 0x0 [0156.017] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0156.017] GetCapture () returned 0x0 [0156.017] GetCapture () returned 0x0 [0156.017] IsIconic (hWnd=0x301f8) returned 0 [0156.017] IsIconic (hWnd=0x301f8) returned 0 [0156.017] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0156.018] GetFocus () returned 0x60346 [0156.018] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0156.018] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x220109e0, lParam=0x0) returned 0x1 [0156.018] GetFocus () returned 0x60346 [0156.018] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0156.019] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0156.019] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0156.204] IsWindow (hWnd=0x301f8) returned 1 [0156.204] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0156.204] IsIconic (hWnd=0x301f8) returned 0 [0156.204] GetParent (hWnd=0x301f8) returned 0x0 [0156.204] TranslateMessage (lpMsg=0x19fe40) returned 0 [0156.204] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0156.206] GetCapture () returned 0x0 [0156.207] GetCapture () returned 0x0 [0156.207] IsIconic (hWnd=0x301f8) returned 0 [0156.207] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0156.207] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0156.207] IsIconic (hWnd=0x301f8) returned 0 [0156.207] IsIconic (hWnd=0x301f8) returned 0 [0156.207] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0156.207] OleTranslateColor () returned 0x0 [0156.207] OleTranslateColor () returned 0x0 [0156.207] OleTranslateColor () returned 0x0 [0156.207] OleTranslateColor () returned 0x0 [0156.207] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0156.207] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0156.207] CPicture::get_Type () returned 0x0 [0156.207] CPicture::get_Type () returned 0x0 [0156.208] CPicture::get_Width () returned 0x0 [0156.208] CPicture::get_Height () returned 0x0 [0156.208] CPicture::get_Attributes () returned 0x0 [0156.208] CPicture::Render () returned 0x0 [0156.226] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0156.226] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0156.226] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0156.226] SaveDC (hdc=0xdb010907) returned 1 [0156.227] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0156.227] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0156.227] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0156.227] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0156.227] OleTranslateColor () returned 0x0 [0156.227] OleTranslateColor () returned 0x0 [0156.227] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0156.227] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0156.227] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0156.227] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0156.227] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0156.227] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0156.227] SaveDC (hdc=0xdb010907) returned 2 [0156.227] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0156.227] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe") returned 43 [0156.227] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0156.227] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0156.228] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", c=43) returned 1 [0156.228] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", c=43, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0156.228] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0156.228] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0156.228] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0156.228] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0156.228] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0156.228] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0156.229] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0156.229] IsWindow (hWnd=0x60346) returned 1 [0156.229] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0156.229] IsIconic (hWnd=0x301f8) returned 0 [0156.229] GetParent (hWnd=0x60346) returned 0x301f8 [0156.229] TranslateMessage (lpMsg=0x19fe40) returned 0 [0156.229] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0156.229] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0156.230] GetCapture () returned 0x0 [0156.230] GetCapture () returned 0x0 [0156.230] IsWindow (hWnd=0x60346) returned 1 [0156.230] OleTranslateColor () returned 0x0 [0156.230] OleTranslateColor () returned 0x0 [0156.230] SetTextColor (hdc=0x220109e0, color=0x0) returned 0x0 [0156.230] SetBkColor (hdc=0x220109e0, color=0xffffff) returned 0xffffff [0156.230] OleTranslateColor () returned 0x0 [0156.230] GetCapture () returned 0x0 [0156.230] GetCapture () returned 0x0 [0156.230] IsWindow (hWnd=0x60346) returned 1 [0156.230] OleTranslateColor () returned 0x0 [0156.230] OleTranslateColor () returned 0x0 [0156.230] SetTextColor (hdc=0x220109e0, color=0x0) returned 0x0 [0156.230] SetBkColor (hdc=0x220109e0, color=0xffffff) returned 0xffffff [0156.230] OleTranslateColor () returned 0x0 [0159.146] GetFocus () returned 0x60346 [0159.146] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0159.147] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0159.147] IsWindow (hWnd=0x30378) returned 1 [0159.147] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0159.147] IsIconic (hWnd=0x301f8) returned 0 [0159.147] GetParent (hWnd=0x30378) returned 0x301f8 [0159.147] TranslateMessage (lpMsg=0x19fe40) returned 0 [0159.147] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0159.147] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0159.148] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0159.148] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.148] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0159.148] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0159.148] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0159.148] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.148] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0159.149] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0159.149] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0159.149] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0159.149] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0159.149] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0159.149] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0159.149] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.150] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0159.150] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0159.150] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0159.150] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.150] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0159.150] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0159.150] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0159.150] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0159.150] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0159.151] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0159.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0159.151] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0159.151] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0159.152] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0159.152] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0159.152] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0159.152] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0159.153] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0159.153] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0159.153] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0159.153] IsWindow (hWnd=0x30336) returned 1 [0159.153] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0159.153] IsIconic (hWnd=0x301f8) returned 0 [0159.153] GetParent (hWnd=0x30336) returned 0x301f8 [0159.153] TranslateMessage (lpMsg=0x19fe40) returned 0 [0159.153] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0159.154] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0159.154] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x34, wMilliseconds=0x2fc)) [0159.154] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0159.154] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.154] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0159.154] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0159.154] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0159.154] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.154] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0159.155] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0159.155] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0159.155] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0159.155] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0159.155] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0159.156] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0159.156] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0159.156] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 0x2c [0159.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", cchWideChar=45, lpMultiByteStr=0x5c92ac, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", lpUsedDefaultChar=0x0) returned 45 [0159.156] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-7332.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 1 [0159.156] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 44 [0159.156] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0159.156] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0159.156] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0159.156] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0159.157] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0159.157] GetFocus () returned 0x60346 [0159.157] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0159.157] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0159.157] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0159.157] GetFocus () returned 0x60346 [0159.157] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0159.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="3", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0159.157] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="3", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=2 | out: lpWideCharStr="3") returned 2 [0159.157] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0159.157] GetUserDefaultLCID () returned 0x409 [0159.157] VarR8FromStr (in: strIn="3", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0159.157] GetUserDefaultLCID () returned 0x409 [0159.157] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40100000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0159.158] SysStringLen (param_1="4") returned 0x1 [0159.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="4", cchWideChar=2, lpMultiByteStr=0x5a9db4, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4", lpUsedDefaultChar=0x0) returned 2 [0159.158] SetWindowTextA (hWnd=0x60346, lpString="4") returned 1 [0159.158] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0159.158] GetFocus () returned 0x60346 [0159.158] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0159.158] lstrlenA (lpString="4") returned 1 [0159.158] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0159.158] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="3") returned 1 [0159.158] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0159.158] GetFocus () returned 0x60346 [0159.158] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0159.158] lstrcmpA (lpString1="3", lpString2="4") returned -1 [0159.158] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0159.158] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9db4) returned 0x1 [0159.159] GetCapture () returned 0x0 [0159.159] GetCapture () returned 0x0 [0159.159] IsWindow (hWnd=0x60346) returned 1 [0159.159] IsWindow (hWnd=0x60346) returned 1 [0159.160] GetCapture () returned 0x0 [0159.160] GetCapture () returned 0x0 [0159.160] IsWindow (hWnd=0x60346) returned 1 [0159.160] IsWindow (hWnd=0x60346) returned 1 [0159.160] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x34, wMilliseconds=0x30b)) [0159.160] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0159.160] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.160] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0159.161] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0159.161] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0159.161] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.161] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0159.161] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0159.161] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0159.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0159.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0159.161] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0159.162] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0159.162] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.162] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0159.162] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0159.162] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0159.162] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0159.162] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0159.162] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0159.162] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0159.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0159.163] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0159.163] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0159.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0159.163] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0159.163] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0159.164] GetLastError () returned 0x20 [0159.164] GetLastError () returned 0x20 [0159.164] SetLastError (dwErrCode=0x20) [0159.164] GetLastError () returned 0x20 [0159.164] SetLastError (dwErrCode=0x20) [0159.164] GetLastError () returned 0x20 [0159.164] SetLastError (dwErrCode=0x20) [0159.164] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0159.164] GetLastError () returned 0x20 [0159.164] GetLastError () returned 0x20 [0159.164] SetLastError (dwErrCode=0x20) [0159.165] GetLastError () returned 0x20 [0159.165] SetLastError (dwErrCode=0x20) [0159.165] GetLastError () returned 0x20 [0159.165] SetLastError (dwErrCode=0x20) [0159.165] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0159.165] GetFileType (hFile=0x258) returned 0x1 [0159.165] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0159.165] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.166] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0159.166] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0159.166] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0159.168] ReadFile (in: hFile=0x258, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0159.176] CloseHandle (hObject=0x258) returned 1 [0159.177] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0159.177] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0159.177] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 44 [0159.177] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0159.177] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 44 [0159.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0159.177] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", cbMultiByte=-1, lpWideCharStr=0x5c92ac, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 45 [0159.178] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0159.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", lpUsedDefaultChar=0x0) returned 45 [0159.178] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", lpFilePart=0x19e9fc*="Unicorn-60201.exe") returned 0x2c [0159.178] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-60201.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0159.441] GetFileType (hFile=0x258) returned 0x1 [0159.441] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0159.441] WriteFile (in: hFile=0x258, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0159.465] CloseHandle (hObject=0x258) returned 1 [0159.527] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0159.527] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 44 [0159.527] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0159.527] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 44 [0159.527] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0159.527] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", cbMultiByte=-1, lpWideCharStr=0x5c92ac, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 45 [0159.528] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0159.528] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", lpProcessInformation=0x19ec44*(hProcess=0x254, hThread=0x258, dwProcessId=0x105c, dwThreadId=0x10cc)) returned 1 [0161.232] GetLastError () returned 0x715 [0161.232] WaitForInputIdle (hProcess=0x254, dwMilliseconds=0x2710) returned 0x102 [0174.353] CloseHandle (hObject=0x258) returned 1 [0174.354] CloseHandle (hObject=0x254) returned 1 [0174.354] SafeArrayDestroyDescriptor (psa=0x5c3f28) returned 0x0 [0174.355] GetFocus () returned 0x60346 [0174.356] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0174.356] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0174.357] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0174.364] GetCapture () returned 0x0 [0174.364] GetCapture () returned 0x0 [0174.364] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0174.364] GetCapture () returned 0x0 [0174.364] GetCapture () returned 0x0 [0174.364] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0174.366] GetCapture () returned 0x0 [0174.366] GetCapture () returned 0x0 [0174.366] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0xe040c00, lParam=0x0) returned 0x0 [0174.367] GetCapture () returned 0x0 [0174.367] GetCapture () returned 0x0 [0174.367] IsIconic (hWnd=0x301f8) returned 0 [0174.367] IsIconic (hWnd=0x301f8) returned 0 [0174.367] GetCapture () returned 0x0 [0174.367] GetCapture () returned 0x0 [0174.367] GetParent (hWnd=0x301f8) returned 0x0 [0174.367] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0174.367] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0174.367] GetCapture () returned 0x0 [0174.367] GetCapture () returned 0x0 [0174.368] CPicture::get_Attributes () returned 0x0 [0174.368] IsWindowVisible (hWnd=0x301f8) returned 1 [0174.368] IsIconic (hWnd=0x301f8) returned 0 [0174.368] IsZoomed (hWnd=0x301f8) returned 0 [0174.368] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0174.368] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0174.368] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0174.368] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0174.368] GetParent (hWnd=0x30378) returned 0x301f8 [0174.368] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0174.368] GetParent (hWnd=0x60346) returned 0x301f8 [0174.368] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0174.368] GetParent (hWnd=0x30336) returned 0x301f8 [0174.368] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0174.368] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0174.368] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0174.442] GetCapture () returned 0x0 [0174.442] GetCapture () returned 0x0 [0174.442] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0174.442] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0174.442] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0174.443] GetCapture () returned 0x0 [0174.443] GetCapture () returned 0x0 [0174.444] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0174.444] GetCapture () returned 0x0 [0174.444] GetCapture () returned 0x0 [0174.444] IsIconic (hWnd=0x301f8) returned 0 [0174.444] IsIconic (hWnd=0x301f8) returned 0 [0174.444] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0174.445] GetFocus () returned 0x60346 [0174.445] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0174.445] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x3f010964, lParam=0x0) returned 0x1 [0174.445] GetFocus () returned 0x60346 [0174.446] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0174.446] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0174.446] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0174.450] IsWindow (hWnd=0x301f8) returned 1 [0174.450] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0174.450] IsIconic (hWnd=0x301f8) returned 0 [0174.451] GetParent (hWnd=0x301f8) returned 0x0 [0174.451] TranslateMessage (lpMsg=0x19fe40) returned 0 [0174.451] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0174.451] GetCapture () returned 0x0 [0174.451] GetCapture () returned 0x0 [0174.451] IsIconic (hWnd=0x301f8) returned 0 [0174.451] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0174.451] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0174.451] IsIconic (hWnd=0x301f8) returned 0 [0174.451] IsIconic (hWnd=0x301f8) returned 0 [0174.451] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0174.451] OleTranslateColor () returned 0x0 [0174.451] OleTranslateColor () returned 0x0 [0174.451] OleTranslateColor () returned 0x0 [0174.451] OleTranslateColor () returned 0x0 [0174.451] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0174.452] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0174.452] CPicture::get_Type () returned 0x0 [0174.452] CPicture::get_Type () returned 0x0 [0174.452] CPicture::get_Width () returned 0x0 [0174.452] CPicture::get_Height () returned 0x0 [0174.452] CPicture::get_Attributes () returned 0x0 [0174.452] CPicture::Render () returned 0x0 [0176.450] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0176.450] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0176.450] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0176.450] SaveDC (hdc=0xdb010907) returned 1 [0176.450] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0176.450] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0176.450] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0176.450] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0176.450] OleTranslateColor () returned 0x0 [0176.450] OleTranslateColor () returned 0x0 [0176.450] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0176.450] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0176.450] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0176.450] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0176.451] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0176.451] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0176.451] SaveDC (hdc=0xdb010907) returned 2 [0176.451] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0176.451] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe") returned 44 [0176.451] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0176.451] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0176.451] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", c=44) returned 1 [0176.451] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0176.451] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0176.451] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0176.452] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0176.452] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0176.452] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0176.452] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0176.452] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0176.452] IsWindow (hWnd=0x60346) returned 1 [0176.452] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0176.452] IsIconic (hWnd=0x301f8) returned 0 [0176.452] GetParent (hWnd=0x60346) returned 0x301f8 [0176.452] TranslateMessage (lpMsg=0x19fe40) returned 0 [0176.452] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0176.453] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0176.453] GetCapture () returned 0x0 [0176.453] GetCapture () returned 0x0 [0176.453] IsWindow (hWnd=0x60346) returned 1 [0176.453] OleTranslateColor () returned 0x0 [0176.453] OleTranslateColor () returned 0x0 [0176.453] SetTextColor (hdc=0xc6010ad6, color=0x0) returned 0x0 [0176.453] SetBkColor (hdc=0xc6010ad6, color=0xffffff) returned 0xffffff [0176.453] OleTranslateColor () returned 0x0 [0176.453] GetCapture () returned 0x0 [0176.453] GetCapture () returned 0x0 [0176.453] IsWindow (hWnd=0x60346) returned 1 [0176.453] OleTranslateColor () returned 0x0 [0176.453] OleTranslateColor () returned 0x0 [0176.453] SetTextColor (hdc=0xc6010ad6, color=0x0) returned 0x0 [0176.453] SetBkColor (hdc=0xc6010ad6, color=0xffffff) returned 0xffffff [0176.453] OleTranslateColor () returned 0x0 [0176.454] GetFocus () returned 0x60346 [0176.454] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0176.454] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0176.455] IsWindow (hWnd=0x30378) returned 1 [0176.455] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0176.455] IsIconic (hWnd=0x301f8) returned 0 [0176.455] GetParent (hWnd=0x30378) returned 0x301f8 [0176.455] TranslateMessage (lpMsg=0x19fe40) returned 0 [0176.455] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0176.455] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0176.455] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0176.455] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.455] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0176.455] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0176.455] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0176.456] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.456] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0176.456] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0176.456] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0176.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0176.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0176.457] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0176.457] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0176.457] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.457] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0176.457] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0176.457] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0176.457] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.457] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0176.457] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0176.458] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0176.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0176.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0176.458] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0176.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0176.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0176.458] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0176.459] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0176.459] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0176.459] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0176.459] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0176.460] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0176.460] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0176.460] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0176.460] IsWindow (hWnd=0x30336) returned 1 [0176.460] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0176.460] IsIconic (hWnd=0x301f8) returned 0 [0176.460] GetParent (hWnd=0x30336) returned 0x301f8 [0176.460] TranslateMessage (lpMsg=0x19fe40) returned 0 [0176.460] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0176.460] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0176.460] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0xa, wMilliseconds=0x43)) [0176.461] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0176.461] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.461] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0176.461] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0176.461] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0176.461] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.461] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0176.462] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0176.462] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0176.462] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0176.462] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0176.462] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0176.470] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0176.470] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0176.470] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 0x2c [0176.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", cchWideChar=45, lpMultiByteStr=0x5c9244, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", lpUsedDefaultChar=0x0) returned 45 [0176.470] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-60201.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 1 [0176.471] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 44 [0176.471] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0176.471] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0176.471] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0176.471] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0176.472] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0176.475] GetFocus () returned 0x60346 [0176.475] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0176.475] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0176.475] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0176.475] GetFocus () returned 0x60346 [0176.475] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0176.475] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0176.476] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="4", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=2 | out: lpWideCharStr="4") returned 2 [0176.476] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0176.476] GetUserDefaultLCID () returned 0x409 [0176.476] VarR8FromStr (in: strIn="4", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0176.476] GetUserDefaultLCID () returned 0x409 [0176.476] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40140000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0176.476] SysStringLen (param_1="5") returned 0x1 [0176.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5", cchWideChar=2, lpMultiByteStr=0x5a9fbc, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5", lpUsedDefaultChar=0x0) returned 2 [0176.476] SetWindowTextA (hWnd=0x60346, lpString="5") returned 1 [0176.476] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0176.476] GetFocus () returned 0x60346 [0176.476] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0176.476] lstrlenA (lpString="5") returned 1 [0176.476] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0176.476] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="4") returned 1 [0176.477] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0176.477] GetFocus () returned 0x60346 [0176.478] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0176.478] lstrcmpA (lpString1="4", lpString2="5") returned -1 [0176.478] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0176.478] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9fbc) returned 0x1 [0176.478] GetCapture () returned 0x0 [0176.478] GetCapture () returned 0x0 [0176.478] IsWindow (hWnd=0x60346) returned 1 [0176.478] IsWindow (hWnd=0x60346) returned 1 [0176.479] GetCapture () returned 0x0 [0176.479] GetCapture () returned 0x0 [0176.479] IsWindow (hWnd=0x60346) returned 1 [0176.479] IsWindow (hWnd=0x60346) returned 1 [0176.479] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0xa, wMilliseconds=0x62)) [0176.479] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0176.479] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.479] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0176.479] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0176.479] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0176.479] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.479] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0176.480] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0176.486] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0176.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0176.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0176.486] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0176.486] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0176.486] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.486] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0176.486] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0176.486] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0176.486] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0176.487] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0176.487] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0176.487] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0176.487] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0176.489] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0176.489] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0176.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0176.489] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0176.490] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0176.490] GetLastError () returned 0x20 [0176.490] GetLastError () returned 0x20 [0176.491] SetLastError (dwErrCode=0x20) [0176.491] GetLastError () returned 0x20 [0176.491] SetLastError (dwErrCode=0x20) [0176.491] GetLastError () returned 0x20 [0176.491] SetLastError (dwErrCode=0x20) [0176.491] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0176.491] GetLastError () returned 0x20 [0176.491] GetLastError () returned 0x20 [0176.491] SetLastError (dwErrCode=0x20) [0176.491] GetLastError () returned 0x20 [0176.491] SetLastError (dwErrCode=0x20) [0176.491] GetLastError () returned 0x20 [0176.492] SetLastError (dwErrCode=0x20) [0176.492] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0176.492] GetFileType (hFile=0x254) returned 0x1 [0176.492] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0176.492] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0176.492] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0176.493] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0176.493] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0176.495] ReadFile (in: hFile=0x254, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0176.498] CloseHandle (hObject=0x254) returned 1 [0176.501] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0176.501] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0176.501] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 44 [0176.501] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0176.501] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 44 [0176.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0176.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", cbMultiByte=-1, lpWideCharStr=0x5c9244, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 45 [0176.502] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0176.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", lpUsedDefaultChar=0x0) returned 45 [0176.502] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", lpFilePart=0x19e9fc*="Unicorn-14432.exe") returned 0x2c [0176.502] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-14432.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0177.015] GetFileType (hFile=0x254) returned 0x1 [0177.015] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0177.016] WriteFile (in: hFile=0x254, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0177.025] CloseHandle (hObject=0x254) returned 1 [0177.037] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0177.037] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 44 [0177.037] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0177.037] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 44 [0177.037] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0177.037] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", cbMultiByte=-1, lpWideCharStr=0x5c9244, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 45 [0177.038] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0177.038] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x1100, dwThreadId=0x1148)) returned 1 [0182.531] GetLastError () returned 0x715 [0182.531] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x102 [0195.773] CloseHandle (hObject=0x254) returned 1 [0195.773] CloseHandle (hObject=0x258) returned 1 [0195.774] SafeArrayDestroyDescriptor (psa=0x5c3f28) returned 0x0 [0195.777] GetFocus () returned 0x60346 [0195.777] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0195.778] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0195.778] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0195.783] GetCapture () returned 0x0 [0195.784] GetCapture () returned 0x0 [0195.784] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0195.784] GetCapture () returned 0x0 [0195.784] GetCapture () returned 0x0 [0195.784] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0195.786] GetCapture () returned 0x0 [0195.786] GetCapture () returned 0x0 [0195.786] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x3040d42, lParam=0x0) returned 0x0 [0195.786] GetCapture () returned 0x0 [0195.786] GetCapture () returned 0x0 [0195.786] IsIconic (hWnd=0x301f8) returned 0 [0195.786] IsIconic (hWnd=0x301f8) returned 0 [0195.789] GetCapture () returned 0x0 [0195.789] GetCapture () returned 0x0 [0195.789] GetParent (hWnd=0x301f8) returned 0x0 [0195.789] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0195.789] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0195.789] GetCapture () returned 0x0 [0195.789] GetCapture () returned 0x0 [0195.789] CPicture::get_Attributes () returned 0x0 [0195.789] IsWindowVisible (hWnd=0x301f8) returned 1 [0195.789] IsIconic (hWnd=0x301f8) returned 0 [0195.789] IsZoomed (hWnd=0x301f8) returned 0 [0195.789] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0195.790] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0195.790] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0195.790] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0195.790] GetParent (hWnd=0x30378) returned 0x301f8 [0195.790] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0195.790] GetParent (hWnd=0x60346) returned 0x301f8 [0195.790] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0195.790] GetParent (hWnd=0x30336) returned 0x301f8 [0195.790] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0195.791] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0195.791] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0195.801] GetCapture () returned 0x0 [0195.801] GetCapture () returned 0x0 [0195.801] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0195.801] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0195.801] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0195.802] GetCapture () returned 0x0 [0195.802] GetCapture () returned 0x0 [0195.802] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0195.803] GetCapture () returned 0x0 [0195.803] GetCapture () returned 0x0 [0195.803] IsIconic (hWnd=0x301f8) returned 0 [0195.803] IsIconic (hWnd=0x301f8) returned 0 [0195.803] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0195.804] GetFocus () returned 0x60346 [0195.804] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0195.804] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x3010a55, lParam=0x0) returned 0x1 [0195.804] GetFocus () returned 0x60346 [0195.804] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0195.804] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0195.805] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0195.831] IsWindow (hWnd=0x301f8) returned 1 [0195.831] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0195.832] IsIconic (hWnd=0x301f8) returned 0 [0195.832] GetParent (hWnd=0x301f8) returned 0x0 [0195.832] TranslateMessage (lpMsg=0x19fe40) returned 0 [0195.832] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0195.832] GetCapture () returned 0x0 [0195.832] GetCapture () returned 0x0 [0195.832] IsIconic (hWnd=0x301f8) returned 0 [0195.832] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0195.832] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0195.832] IsIconic (hWnd=0x301f8) returned 0 [0195.832] IsIconic (hWnd=0x301f8) returned 0 [0195.832] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0195.832] OleTranslateColor () returned 0x0 [0195.832] OleTranslateColor () returned 0x0 [0195.832] OleTranslateColor () returned 0x0 [0195.833] OleTranslateColor () returned 0x0 [0195.833] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0195.833] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0195.833] CPicture::get_Type () returned 0x0 [0195.833] CPicture::get_Type () returned 0x0 [0195.833] CPicture::get_Width () returned 0x0 [0195.833] CPicture::get_Height () returned 0x0 [0195.833] CPicture::get_Attributes () returned 0x0 [0195.833] CPicture::Render () returned 0x0 [0195.926] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0195.926] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0195.926] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0195.926] SaveDC (hdc=0xdb010907) returned 1 [0195.926] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0195.926] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0195.926] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0195.926] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0195.926] OleTranslateColor () returned 0x0 [0195.926] OleTranslateColor () returned 0x0 [0195.926] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0195.926] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0195.926] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0195.926] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0195.926] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0195.926] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0195.927] SaveDC (hdc=0xdb010907) returned 2 [0195.927] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0195.927] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe") returned 44 [0195.927] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0195.927] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0195.927] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", c=44) returned 1 [0195.927] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0195.927] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0195.928] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0195.928] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0195.928] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0195.928] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0195.928] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0195.928] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0195.929] IsWindow (hWnd=0x60346) returned 1 [0195.929] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0195.929] IsIconic (hWnd=0x301f8) returned 0 [0195.929] GetParent (hWnd=0x60346) returned 0x301f8 [0195.929] TranslateMessage (lpMsg=0x19fe40) returned 0 [0195.929] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0195.929] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0195.929] GetCapture () returned 0x0 [0195.929] GetCapture () returned 0x0 [0195.929] IsWindow (hWnd=0x60346) returned 1 [0195.929] OleTranslateColor () returned 0x0 [0195.929] OleTranslateColor () returned 0x0 [0195.929] SetTextColor (hdc=0x3010a55, color=0x0) returned 0x0 [0195.929] SetBkColor (hdc=0x3010a55, color=0xffffff) returned 0xffffff [0195.929] OleTranslateColor () returned 0x0 [0195.930] GetCapture () returned 0x0 [0195.930] GetCapture () returned 0x0 [0195.930] IsWindow (hWnd=0x60346) returned 1 [0195.930] OleTranslateColor () returned 0x0 [0195.930] OleTranslateColor () returned 0x0 [0195.930] SetTextColor (hdc=0x3010a55, color=0x0) returned 0x0 [0195.930] SetBkColor (hdc=0x3010a55, color=0xffffff) returned 0xffffff [0195.930] OleTranslateColor () returned 0x0 [0208.553] GetFocus () returned 0x60346 [0208.553] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0208.553] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0208.553] IsWindow (hWnd=0x30378) returned 1 [0208.553] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0208.553] IsIconic (hWnd=0x301f8) returned 0 [0208.554] GetParent (hWnd=0x30378) returned 0x301f8 [0208.554] TranslateMessage (lpMsg=0x19fe40) returned 0 [0208.554] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0208.554] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0208.554] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0208.554] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.555] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0208.555] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0208.555] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0208.555] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.555] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0208.555] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0208.556] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0208.556] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0208.556] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0208.556] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0208.556] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0208.556] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.556] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0208.556] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0208.556] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0208.556] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.556] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0208.557] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0208.557] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0208.557] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0208.557] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0208.557] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0208.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0208.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0208.558] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0208.558] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0208.559] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0208.559] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0208.559] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0208.559] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0208.559] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0208.559] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0208.560] IsWindow (hWnd=0x30336) returned 1 [0208.560] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0208.560] IsIconic (hWnd=0x301f8) returned 0 [0208.560] GetParent (hWnd=0x30336) returned 0x301f8 [0208.560] TranslateMessage (lpMsg=0x19fe40) returned 0 [0208.560] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0208.560] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0208.560] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0x2a, wMilliseconds=0xab)) [0208.561] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0208.561] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.561] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0208.561] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0208.561] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0208.561] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.561] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0208.561] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0208.562] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0208.562] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0208.562] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0208.562] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0208.562] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0208.562] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0208.562] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 0x2c [0208.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", cchWideChar=45, lpMultiByteStr=0x5c91dc, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", lpUsedDefaultChar=0x0) returned 45 [0208.562] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-14432.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned -1 [0208.562] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 44 [0208.562] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0208.563] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0208.563] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0208.563] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0208.563] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0208.563] GetFocus () returned 0x60346 [0208.563] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0208.563] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0208.563] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0208.563] GetFocus () returned 0x60346 [0208.563] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0208.564] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="5", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0208.564] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="5", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=2 | out: lpWideCharStr="5") returned 2 [0208.564] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0208.564] GetUserDefaultLCID () returned 0x409 [0208.564] VarR8FromStr (in: strIn="5", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0208.564] GetUserDefaultLCID () returned 0x409 [0208.564] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40180000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0208.564] SysStringLen (param_1="6") returned 0x1 [0208.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="6", cchWideChar=2, lpMultiByteStr=0x5a9f94, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6", lpUsedDefaultChar=0x0) returned 2 [0208.564] SetWindowTextA (hWnd=0x60346, lpString="6") returned 1 [0208.564] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0208.564] GetFocus () returned 0x60346 [0208.564] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0208.564] lstrlenA (lpString="6") returned 1 [0208.564] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0208.564] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="5") returned 1 [0208.564] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0208.564] GetFocus () returned 0x60346 [0208.564] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0208.565] lstrcmpA (lpString1="5", lpString2="6") returned -1 [0208.565] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0208.565] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9f94) returned 0x1 [0208.565] GetCapture () returned 0x0 [0208.565] GetCapture () returned 0x0 [0208.565] IsWindow (hWnd=0x60346) returned 1 [0208.565] IsWindow (hWnd=0x60346) returned 1 [0208.565] GetCapture () returned 0x0 [0208.565] GetCapture () returned 0x0 [0208.565] IsWindow (hWnd=0x60346) returned 1 [0208.565] IsWindow (hWnd=0x60346) returned 1 [0208.565] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x21, wSecond=0x2a, wMilliseconds=0xab)) [0208.566] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0208.566] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.566] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0208.566] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0208.566] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0208.566] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.566] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0208.566] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0208.567] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0208.567] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0208.567] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0208.567] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0208.567] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0208.567] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.567] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0208.567] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0208.567] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0208.567] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0208.567] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0208.568] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0208.568] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0208.568] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0208.568] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0208.568] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0208.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0208.569] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0208.569] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.569] GetLastError () returned 0x20 [0208.570] GetLastError () returned 0x20 [0208.570] SetLastError (dwErrCode=0x20) [0208.570] GetLastError () returned 0x20 [0208.570] SetLastError (dwErrCode=0x20) [0208.570] GetLastError () returned 0x20 [0208.570] SetLastError (dwErrCode=0x20) [0208.570] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0208.570] GetLastError () returned 0x20 [0208.570] GetLastError () returned 0x20 [0208.570] SetLastError (dwErrCode=0x20) [0208.570] GetLastError () returned 0x20 [0208.570] SetLastError (dwErrCode=0x20) [0208.570] GetLastError () returned 0x20 [0208.570] SetLastError (dwErrCode=0x20) [0208.570] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0208.571] GetFileType (hFile=0x258) returned 0x1 [0208.571] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0208.571] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.571] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0208.571] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0208.571] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0208.573] ReadFile (in: hFile=0x258, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0208.576] CloseHandle (hObject=0x258) returned 1 [0208.577] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0208.577] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0208.577] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 44 [0208.577] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0208.577] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 44 [0208.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0208.577] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", cbMultiByte=-1, lpWideCharStr=0x5c91dc, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 45 [0208.577] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0208.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", lpUsedDefaultChar=0x0) returned 45 [0208.578] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", lpFilePart=0x19e9fc*="Unicorn-48133.exe") returned 0x2c [0208.578] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-48133.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0208.578] GetFileType (hFile=0x258) returned 0x1 [0208.578] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0208.578] WriteFile (in: hFile=0x258, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0208.588] CloseHandle (hObject=0x258) returned 1 [0209.751] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0209.751] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 44 [0209.751] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0209.751] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 44 [0209.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0209.751] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", cbMultiByte=-1, lpWideCharStr=0x5c91dc, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 45 [0209.751] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0209.751] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", lpProcessInformation=0x19ec44*(hProcess=0x254, hThread=0x258, dwProcessId=0x1700, dwThreadId=0x132c)) returned 1 [0211.216] GetLastError () returned 0x715 [0211.216] WaitForInputIdle (hProcess=0x254, dwMilliseconds=0x2710) returned 0x102 [0226.582] CloseHandle (hObject=0x258) returned 1 [0226.582] CloseHandle (hObject=0x254) returned 1 [0226.583] SafeArrayDestroyDescriptor (psa=0x5c3f28) returned 0x0 [0226.584] GetFocus () returned 0x60346 [0226.585] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0226.585] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0226.586] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0226.592] GetCapture () returned 0x0 [0226.592] GetCapture () returned 0x0 [0226.592] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0226.593] GetCapture () returned 0x0 [0226.593] GetCapture () returned 0x0 [0226.593] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0226.753] GetCapture () returned 0x0 [0226.753] GetCapture () returned 0x0 [0226.753] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x30410bd, lParam=0x0) returned 0x0 [0226.754] GetCapture () returned 0x0 [0226.754] GetCapture () returned 0x0 [0226.754] IsIconic (hWnd=0x301f8) returned 0 [0226.754] IsIconic (hWnd=0x301f8) returned 0 [0226.754] GetCapture () returned 0x0 [0226.754] GetCapture () returned 0x0 [0226.754] GetParent (hWnd=0x301f8) returned 0x0 [0226.754] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0226.755] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0226.755] GetCapture () returned 0x0 [0226.755] GetCapture () returned 0x0 [0226.755] CPicture::get_Attributes () returned 0x0 [0226.755] IsWindowVisible (hWnd=0x301f8) returned 1 [0226.755] IsIconic (hWnd=0x301f8) returned 0 [0226.755] IsZoomed (hWnd=0x301f8) returned 0 [0226.755] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0226.755] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0226.755] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0226.755] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0226.755] GetParent (hWnd=0x30378) returned 0x301f8 [0226.755] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0226.755] GetParent (hWnd=0x60346) returned 0x301f8 [0226.755] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0226.755] GetParent (hWnd=0x30336) returned 0x301f8 [0226.755] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0226.755] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0226.755] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0226.760] GetCapture () returned 0x0 [0226.760] GetCapture () returned 0x0 [0226.760] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0226.760] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0226.760] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0226.761] GetCapture () returned 0x0 [0226.761] GetCapture () returned 0x0 [0226.761] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0226.762] GetCapture () returned 0x0 [0226.762] GetCapture () returned 0x0 [0226.762] IsIconic (hWnd=0x301f8) returned 0 [0226.762] IsIconic (hWnd=0x301f8) returned 0 [0226.762] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0226.762] GetFocus () returned 0x60346 [0226.763] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0226.763] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0xa010ed4, lParam=0x0) returned 0x1 [0226.763] GetFocus () returned 0x60346 [0226.763] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0226.763] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0226.763] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0226.766] IsWindow (hWnd=0x301f8) returned 1 [0226.766] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0226.766] IsIconic (hWnd=0x301f8) returned 0 [0226.766] GetParent (hWnd=0x301f8) returned 0x0 [0226.766] TranslateMessage (lpMsg=0x19fe40) returned 0 [0226.766] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0226.766] GetCapture () returned 0x0 [0226.766] GetCapture () returned 0x0 [0226.766] IsIconic (hWnd=0x301f8) returned 0 [0226.766] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0226.766] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0226.766] IsIconic (hWnd=0x301f8) returned 0 [0226.766] IsIconic (hWnd=0x301f8) returned 0 [0226.769] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0226.770] OleTranslateColor () returned 0x0 [0226.770] OleTranslateColor () returned 0x0 [0226.770] OleTranslateColor () returned 0x0 [0226.770] OleTranslateColor () returned 0x0 [0226.770] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0226.770] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0226.770] CPicture::get_Type () returned 0x0 [0226.770] CPicture::get_Type () returned 0x0 [0226.770] CPicture::get_Width () returned 0x0 [0226.770] CPicture::get_Height () returned 0x0 [0226.770] CPicture::get_Attributes () returned 0x0 [0226.770] CPicture::Render () returned 0x0 [0230.588] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0230.588] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0230.588] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0230.588] SaveDC (hdc=0xdb010907) returned 1 [0230.588] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0230.588] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0230.588] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0230.588] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0230.588] OleTranslateColor () returned 0x0 [0230.588] OleTranslateColor () returned 0x0 [0230.588] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0230.588] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0230.588] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0230.588] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0230.589] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0230.589] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0230.589] SaveDC (hdc=0xdb010907) returned 2 [0230.589] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0230.589] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe") returned 44 [0230.589] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0230.589] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0230.589] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", c=44) returned 1 [0230.589] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0230.589] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0230.590] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0230.590] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0230.590] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0230.590] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0230.590] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0230.590] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0230.590] IsWindow (hWnd=0x60346) returned 1 [0230.590] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0230.590] IsIconic (hWnd=0x301f8) returned 0 [0230.590] GetParent (hWnd=0x60346) returned 0x301f8 [0230.590] TranslateMessage (lpMsg=0x19fe40) returned 0 [0230.590] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0230.591] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0230.591] GetCapture () returned 0x0 [0230.591] GetCapture () returned 0x0 [0230.591] IsWindow (hWnd=0x60346) returned 1 [0230.591] OleTranslateColor () returned 0x0 [0230.591] OleTranslateColor () returned 0x0 [0230.591] SetTextColor (hdc=0xcd010de7, color=0x0) returned 0x0 [0230.591] SetBkColor (hdc=0xcd010de7, color=0xffffff) returned 0xffffff [0230.591] OleTranslateColor () returned 0x0 [0230.591] GetCapture () returned 0x0 [0230.591] GetCapture () returned 0x0 [0230.591] IsWindow (hWnd=0x60346) returned 1 [0230.591] OleTranslateColor () returned 0x0 [0230.591] OleTranslateColor () returned 0x0 [0230.591] SetTextColor (hdc=0xcd010de7, color=0x0) returned 0x0 [0230.591] SetBkColor (hdc=0xcd010de7, color=0xffffff) returned 0xffffff [0230.591] OleTranslateColor () returned 0x0 [0243.467] GetFocus () returned 0x60346 [0243.467] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0243.468] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0243.468] IsWindow (hWnd=0x30378) returned 1 [0243.468] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0243.468] IsIconic (hWnd=0x301f8) returned 0 [0243.468] GetParent (hWnd=0x30378) returned 0x301f8 [0243.468] TranslateMessage (lpMsg=0x19fe40) returned 0 [0243.468] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0243.468] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0243.469] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0243.469] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.469] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0243.469] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0243.469] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0243.469] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.469] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0243.470] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0243.470] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0243.470] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0243.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0243.471] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0243.471] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0243.471] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.471] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0243.471] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0243.471] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0243.471] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.471] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0243.471] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0243.471] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0243.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0243.472] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0243.472] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0243.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0243.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0243.473] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0243.473] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0243.474] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0243.474] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0243.474] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0243.474] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0243.474] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0243.475] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0243.475] IsWindow (hWnd=0x30336) returned 1 [0243.475] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0243.475] IsIconic (hWnd=0x301f8) returned 0 [0243.475] GetParent (hWnd=0x30336) returned 0x301f8 [0243.475] TranslateMessage (lpMsg=0x19fe40) returned 0 [0243.475] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0243.475] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0243.475] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x11, wMilliseconds=0x56)) [0243.476] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0243.476] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.476] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0243.476] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0243.476] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0243.476] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.476] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0243.476] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0243.477] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0243.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0243.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0243.477] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0243.477] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0243.477] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0243.477] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 0x2c [0243.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", cchWideChar=45, lpMultiByteStr=0x5c92ac, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", lpUsedDefaultChar=0x0) returned 45 [0243.477] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-48133.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 1 [0243.477] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 44 [0243.477] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0243.478] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0243.478] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0243.478] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0243.478] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0243.478] GetFocus () returned 0x60346 [0243.478] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0243.479] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0243.479] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0243.479] GetFocus () returned 0x60346 [0243.479] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0243.479] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="6", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0243.479] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="6", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=2 | out: lpWideCharStr="6") returned 2 [0243.479] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0243.479] GetUserDefaultLCID () returned 0x409 [0243.479] VarR8FromStr (in: strIn="6", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0243.479] GetUserDefaultLCID () returned 0x409 [0243.479] VarBstrFromR8 (in: dblIn=0x0, lcid=0x401c0000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0243.479] SysStringLen (param_1="7") returned 0x1 [0243.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7", cchWideChar=2, lpMultiByteStr=0x5a9cc4, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7", lpUsedDefaultChar=0x0) returned 2 [0243.479] SetWindowTextA (hWnd=0x60346, lpString="7") returned 1 [0243.479] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0243.479] GetFocus () returned 0x60346 [0243.479] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0243.480] lstrlenA (lpString="7") returned 1 [0243.480] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0243.480] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="6") returned 1 [0243.480] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0243.480] GetFocus () returned 0x60346 [0243.480] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0243.480] lstrcmpA (lpString1="6", lpString2="7") returned -1 [0243.480] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0243.480] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9cc4) returned 0x1 [0243.480] GetCapture () returned 0x0 [0243.480] GetCapture () returned 0x0 [0243.480] IsWindow (hWnd=0x60346) returned 1 [0243.480] IsWindow (hWnd=0x60346) returned 1 [0243.480] GetCapture () returned 0x0 [0243.480] GetCapture () returned 0x0 [0243.480] IsWindow (hWnd=0x60346) returned 1 [0243.481] IsWindow (hWnd=0x60346) returned 1 [0243.481] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x11, wMilliseconds=0x56)) [0243.482] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0243.482] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.482] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0243.482] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0243.482] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0243.482] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.482] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0243.482] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0243.483] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0243.483] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0243.483] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0243.483] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0243.483] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0243.483] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.483] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0243.483] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0243.483] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0243.483] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0243.483] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0243.484] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0243.484] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0243.484] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0243.484] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0243.484] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0243.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0243.484] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0243.485] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0243.486] GetLastError () returned 0x20 [0243.486] GetLastError () returned 0x20 [0243.486] SetLastError (dwErrCode=0x20) [0243.486] GetLastError () returned 0x20 [0243.486] SetLastError (dwErrCode=0x20) [0243.486] GetLastError () returned 0x20 [0243.486] SetLastError (dwErrCode=0x20) [0243.486] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0243.486] GetLastError () returned 0x20 [0243.486] GetLastError () returned 0x20 [0243.486] SetLastError (dwErrCode=0x20) [0243.486] GetLastError () returned 0x20 [0243.486] SetLastError (dwErrCode=0x20) [0243.487] GetLastError () returned 0x20 [0243.487] SetLastError (dwErrCode=0x20) [0243.487] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0243.487] GetFileType (hFile=0x254) returned 0x1 [0243.487] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0243.487] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0243.487] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0243.488] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0243.488] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0243.490] ReadFile (in: hFile=0x254, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0244.792] CloseHandle (hObject=0x254) returned 1 [0244.792] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0244.792] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0244.792] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 44 [0244.792] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0244.792] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 44 [0244.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0244.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", cbMultiByte=-1, lpWideCharStr=0x5c92ac, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 45 [0244.793] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0244.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", lpUsedDefaultChar=0x0) returned 45 [0244.793] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", lpFilePart=0x19e9fc*="Unicorn-21549.exe") returned 0x2c [0244.793] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-21549.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0244.794] GetFileType (hFile=0x254) returned 0x1 [0244.795] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x642df0 [0244.795] WriteFile (in: hFile=0x254, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0244.815] CloseHandle (hObject=0x254) returned 1 [0244.829] IMalloc:Free (This=0x7627fec4, pv=0x642df0) [0244.829] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 44 [0244.829] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0244.829] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 44 [0244.829] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0244.829] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", cbMultiByte=-1, lpWideCharStr=0x5c92ac, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 45 [0244.829] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0244.829] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x1760, dwThreadId=0x172c)) returned 1 [0245.862] GetLastError () returned 0x715 [0245.862] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x102 [0260.038] CloseHandle (hObject=0x254) returned 1 [0260.038] CloseHandle (hObject=0x258) returned 1 [0260.039] SafeArrayDestroyDescriptor (psa=0x5c3b38) returned 0x0 [0260.039] GetFocus () returned 0x60346 [0260.040] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0260.040] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0260.041] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0260.041] IsWindow (hWnd=0x301f8) returned 1 [0260.041] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0260.041] IsIconic (hWnd=0x301f8) returned 0 [0260.041] GetParent (hWnd=0x301f8) returned 0x0 [0260.041] TranslateMessage (lpMsg=0x19fe40) returned 0 [0260.041] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0260.041] GetCapture () returned 0x0 [0260.041] GetCapture () returned 0x0 [0260.041] IsIconic (hWnd=0x301f8) returned 0 [0260.041] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0260.041] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0260.042] GetCapture () returned 0x0 [0260.042] GetCapture () returned 0x0 [0260.042] IsIconic (hWnd=0x301f8) returned 0 [0260.042] IsIconic (hWnd=0x301f8) returned 0 [0260.042] IsIconic (hWnd=0x301f8) returned 0 [0260.042] IsIconic (hWnd=0x301f8) returned 0 [0260.042] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0260.042] OleTranslateColor () returned 0x0 [0260.042] OleTranslateColor () returned 0x0 [0260.042] OleTranslateColor () returned 0x0 [0260.042] OleTranslateColor () returned 0x0 [0260.042] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0260.042] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0260.042] CPicture::get_Type () returned 0x0 [0260.042] CPicture::get_Type () returned 0x0 [0260.042] CPicture::get_Width () returned 0x0 [0260.042] CPicture::get_Height () returned 0x0 [0260.042] CPicture::get_Attributes () returned 0x0 [0260.042] CPicture::Render () returned 0x0 [0260.044] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0260.044] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0260.044] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 2 [0260.044] SaveDC (hdc=0xdb010907) returned 1 [0260.044] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0260.044] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0260.044] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0260.044] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0260.044] OleTranslateColor () returned 0x0 [0260.044] OleTranslateColor () returned 0x0 [0260.044] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0260.044] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0260.044] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0260.044] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0260.044] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0260.045] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0260.045] SaveDC (hdc=0xdb010907) returned 2 [0260.045] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0260.045] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe") returned 44 [0260.045] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0260.045] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0260.045] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", c=44) returned 1 [0260.045] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0260.045] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0260.047] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0260.047] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0260.048] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0260.048] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0260.048] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0260.048] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0260.048] IsWindow (hWnd=0x60346) returned 1 [0260.048] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0260.048] IsIconic (hWnd=0x301f8) returned 0 [0260.048] GetParent (hWnd=0x60346) returned 0x301f8 [0260.048] TranslateMessage (lpMsg=0x19fe40) returned 0 [0260.048] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0260.048] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0260.049] GetCapture () returned 0x0 [0260.049] GetCapture () returned 0x0 [0260.049] IsWindow (hWnd=0x60346) returned 1 [0260.049] OleTranslateColor () returned 0x0 [0260.049] OleTranslateColor () returned 0x0 [0260.049] SetTextColor (hdc=0x19011341, color=0x0) returned 0x0 [0260.049] SetBkColor (hdc=0x19011341, color=0xffffff) returned 0xffffff [0260.049] OleTranslateColor () returned 0x0 [0260.049] GetCapture () returned 0x0 [0260.049] GetCapture () returned 0x0 [0260.049] IsWindow (hWnd=0x60346) returned 1 [0260.049] OleTranslateColor () returned 0x0 [0260.049] OleTranslateColor () returned 0x0 [0260.049] SetTextColor (hdc=0x19011341, color=0x0) returned 0x0 [0260.049] SetBkColor (hdc=0x19011341, color=0xffffff) returned 0xffffff [0260.049] OleTranslateColor () returned 0x0 [0275.026] GetFocus () returned 0x60346 [0275.026] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0275.029] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0275.029] IsWindow (hWnd=0x30378) returned 1 [0275.029] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0275.030] IsIconic (hWnd=0x301f8) returned 0 [0275.030] GetParent (hWnd=0x30378) returned 0x301f8 [0275.030] TranslateMessage (lpMsg=0x19fe40) returned 0 [0275.030] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0275.030] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0275.031] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0275.031] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.031] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0275.031] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0275.031] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0275.031] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.031] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0275.032] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0275.032] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0275.032] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0275.032] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0275.032] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0275.032] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0275.032] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.032] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0275.032] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0275.032] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0275.032] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.033] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0275.033] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0275.033] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0275.033] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0275.033] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0275.033] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0275.034] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0275.034] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0275.034] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0275.034] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0275.035] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0275.035] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0275.035] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0275.035] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0275.036] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0275.036] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0275.036] IsWindow (hWnd=0x30336) returned 1 [0275.036] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0275.036] IsIconic (hWnd=0x301f8) returned 0 [0275.036] GetParent (hWnd=0x30336) returned 0x301f8 [0275.036] TranslateMessage (lpMsg=0x19fe40) returned 0 [0275.036] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0275.036] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0275.037] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x30, wMilliseconds=0x287)) [0275.037] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0275.037] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.037] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0275.037] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0275.037] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0275.037] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.037] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0275.038] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0275.038] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0275.038] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0275.038] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0275.038] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0275.038] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0275.038] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0275.038] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 0x2c [0275.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", cchWideChar=45, lpMultiByteStr=0x5c9244, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", lpUsedDefaultChar=0x0) returned 45 [0275.039] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21549.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned -1 [0275.039] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 44 [0275.039] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0275.039] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0275.039] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0275.039] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0275.040] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0275.040] GetFocus () returned 0x60346 [0275.040] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0275.040] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0275.040] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0275.040] GetFocus () returned 0x60346 [0275.040] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0275.040] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="7", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0275.040] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="7", cbMultiByte=-1, lpWideCharStr=0x5a9fbc, cchWideChar=2 | out: lpWideCharStr="7") returned 2 [0275.040] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0275.040] GetUserDefaultLCID () returned 0x409 [0275.040] VarR8FromStr (in: strIn="7", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0275.040] GetUserDefaultLCID () returned 0x409 [0275.040] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40200000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0275.040] SysStringLen (param_1="8") returned 0x1 [0275.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="8", cchWideChar=2, lpMultiByteStr=0x5a9db4, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8", lpUsedDefaultChar=0x0) returned 2 [0275.041] SetWindowTextA (hWnd=0x60346, lpString="8") returned 1 [0275.041] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0275.041] GetFocus () returned 0x60346 [0275.041] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0275.041] lstrlenA (lpString="8") returned 1 [0275.041] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0275.041] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="7") returned 1 [0275.041] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0275.041] GetFocus () returned 0x60346 [0275.041] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0275.041] lstrcmpA (lpString1="7", lpString2="8") returned -1 [0275.041] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0275.041] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9db4) returned 0x1 [0275.041] GetCapture () returned 0x0 [0275.041] GetCapture () returned 0x0 [0275.041] IsWindow (hWnd=0x60346) returned 1 [0275.042] IsWindow (hWnd=0x60346) returned 1 [0275.042] GetCapture () returned 0x0 [0275.042] GetCapture () returned 0x0 [0275.042] IsWindow (hWnd=0x60346) returned 1 [0275.042] IsWindow (hWnd=0x60346) returned 1 [0275.043] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x22, wSecond=0x30, wMilliseconds=0x297)) [0275.043] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0275.043] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.043] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0275.043] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0275.043] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0275.043] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.043] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0275.044] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0275.044] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0275.044] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0275.044] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0275.044] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0275.044] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0275.044] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.044] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0275.044] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0275.044] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0275.044] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0275.045] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b128 [0275.045] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0275.045] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0275.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0275.045] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0275.045] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b128 | out: hHeap=0x2220000) returned 1 [0275.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0275.046] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0275.046] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0275.047] GetLastError () returned 0x20 [0275.047] GetLastError () returned 0x20 [0275.047] SetLastError (dwErrCode=0x20) [0275.047] GetLastError () returned 0x20 [0275.047] SetLastError (dwErrCode=0x20) [0275.047] GetLastError () returned 0x20 [0275.047] SetLastError (dwErrCode=0x20) [0275.047] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0275.047] GetLastError () returned 0x20 [0275.047] GetLastError () returned 0x20 [0275.047] SetLastError (dwErrCode=0x20) [0275.047] GetLastError () returned 0x20 [0275.047] SetLastError (dwErrCode=0x20) [0275.047] GetLastError () returned 0x20 [0275.047] SetLastError (dwErrCode=0x20) [0275.048] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0275.048] GetFileType (hFile=0x258) returned 0x1 [0275.048] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0275.048] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0275.048] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0275.049] SetFilePointer (in: hFile=0x258, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0275.049] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0275.052] ReadFile (in: hFile=0x258, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0276.534] CloseHandle (hObject=0x258) returned 1 [0276.534] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0276.534] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0276.534] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 44 [0276.535] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0276.535] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 44 [0276.535] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0276.535] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", cbMultiByte=-1, lpWideCharStr=0x5c9244, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 45 [0276.535] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0276.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", lpUsedDefaultChar=0x0) returned 45 [0276.535] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", lpFilePart=0x19e9fc*="Unicorn-46820.exe") returned 0x2c [0276.536] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-46820.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0276.700] GetFileType (hFile=0x258) returned 0x1 [0276.700] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0276.700] WriteFile (in: hFile=0x258, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0276.721] CloseHandle (hObject=0x258) returned 1 [0279.352] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0279.352] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 44 [0279.352] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0279.352] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 44 [0279.352] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0279.352] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", cbMultiByte=-1, lpWideCharStr=0x5c9244, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 45 [0279.352] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0279.353] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", lpProcessInformation=0x19ec44*(hProcess=0x254, hThread=0x258, dwProcessId=0xf44, dwThreadId=0x4a4)) returned 1 [0281.696] GetLastError () returned 0x715 [0281.696] WaitForInputIdle (hProcess=0x254, dwMilliseconds=0x2710) returned 0x102 [0298.012] CloseHandle (hObject=0x258) returned 1 [0298.013] CloseHandle (hObject=0x254) returned 1 [0298.013] SafeArrayDestroyDescriptor (psa=0x5c3e08) returned 0x0 [0298.014] GetFocus () returned 0x60346 [0298.016] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0298.016] SetTimer (hWnd=0x30336, nIDEvent=0x30336, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x30336 [0298.017] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0298.026] GetCapture () returned 0x0 [0298.026] GetCapture () returned 0x0 [0298.026] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0298.026] GetCapture () returned 0x0 [0298.026] GetCapture () returned 0x0 [0298.026] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0298.491] GetCapture () returned 0x0 [0298.491] GetCapture () returned 0x0 [0298.491] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x2e0415ea, lParam=0x0) returned 0x0 [0298.492] GetCapture () returned 0x0 [0298.492] GetCapture () returned 0x0 [0298.492] IsIconic (hWnd=0x301f8) returned 0 [0298.492] IsIconic (hWnd=0x301f8) returned 0 [0298.493] GetCapture () returned 0x0 [0298.493] GetCapture () returned 0x0 [0298.493] GetParent (hWnd=0x301f8) returned 0x0 [0298.493] GetWindowRect (in: hWnd=0x301f8, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0298.493] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0298.493] GetCapture () returned 0x0 [0298.493] GetCapture () returned 0x0 [0298.493] CPicture::get_Attributes () returned 0x0 [0298.493] IsWindowVisible (hWnd=0x301f8) returned 1 [0298.493] IsIconic (hWnd=0x301f8) returned 0 [0298.493] IsZoomed (hWnd=0x301f8) returned 0 [0298.493] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0298.494] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0298.494] GetWindow (hWnd=0x301f8, uCmd=0x5) returned 0x30378 [0298.494] GetWindow (hWnd=0x30378, uCmd=0x2) returned 0x60346 [0298.494] GetParent (hWnd=0x30378) returned 0x301f8 [0298.494] GetWindow (hWnd=0x60346, uCmd=0x2) returned 0x30336 [0298.494] GetParent (hWnd=0x60346) returned 0x301f8 [0298.494] GetWindow (hWnd=0x30336, uCmd=0x2) returned 0x0 [0298.494] GetParent (hWnd=0x30336) returned 0x301f8 [0298.494] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0298.494] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0298.494] MapWindowPoints (in: hWndFrom=0x301f8, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0298.503] GetCapture () returned 0x0 [0298.503] GetCapture () returned 0x0 [0298.503] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0298.503] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0298.503] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0298.507] GetCapture () returned 0x0 [0298.507] GetCapture () returned 0x0 [0298.507] NtdllDefWindowProc_A (hWnd=0x301f8, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0298.507] GetCapture () returned 0x0 [0298.507] GetCapture () returned 0x0 [0298.507] IsIconic (hWnd=0x301f8) returned 0 [0298.507] IsIconic (hWnd=0x301f8) returned 0 [0298.507] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0298.508] GetFocus () returned 0x60346 [0298.508] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0298.508] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0x14, wParam=0x3010a55, lParam=0x0) returned 0x1 [0298.508] GetFocus () returned 0x60346 [0298.508] GetCaretPos (in: lpPoint=0x19fb14 | out: lpPoint=0x19fb14) returned 1 [0298.509] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0298.509] NtdllDefWindowProc_A (hWnd=0x40330, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0298.513] IsWindow (hWnd=0x301f8) returned 1 [0298.513] GetWindowLongA (hWnd=0x301f8, nIndex=-16) returned 369098752 [0298.513] IsIconic (hWnd=0x301f8) returned 0 [0298.513] GetParent (hWnd=0x301f8) returned 0x0 [0298.513] TranslateMessage (lpMsg=0x19fe40) returned 0 [0298.513] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0298.514] GetCapture () returned 0x0 [0298.514] GetCapture () returned 0x0 [0298.514] IsIconic (hWnd=0x301f8) returned 0 [0298.514] GetUpdateRect (in: hWnd=0x301f8, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0298.514] BeginPaint (in: hWnd=0x301f8, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0xdb010907 [0298.514] IsIconic (hWnd=0x301f8) returned 0 [0298.515] IsIconic (hWnd=0x301f8) returned 0 [0298.515] GetClientRect (in: hWnd=0x301f8, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0298.515] OleTranslateColor () returned 0x0 [0298.515] OleTranslateColor () returned 0x0 [0298.515] OleTranslateColor () returned 0x0 [0298.515] OleTranslateColor () returned 0x0 [0298.515] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0298.515] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0298.515] CPicture::get_Type () returned 0x0 [0298.515] CPicture::get_Type () returned 0x0 [0298.515] CPicture::get_Width () returned 0x0 [0298.515] CPicture::get_Height () returned 0x0 [0298.515] CPicture::get_Attributes () returned 0x0 [0298.515] CPicture::Render () returned 0x0 [0300.908] SetTextColor (hdc=0xdb010907, color=0x0) returned 0x0 [0300.908] SetBkColor (hdc=0xdb010907, color=0x0) returned 0x0 [0300.908] GetClipBox (in: hdc=0xdb010907, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0300.908] SaveDC (hdc=0xdb010907) returned 1 [0300.908] SelectObject (hdc=0xdb010907, h=0x900015) returned 0x900015 [0300.908] SelectObject (hdc=0xdb010907, h=0xb00016) returned 0x4f3006ac [0300.909] SetROP2 (hdc=0xdb010907, rop2=13) returned 13 [0300.909] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0300.909] OleTranslateColor () returned 0x0 [0300.909] OleTranslateColor () returned 0x0 [0300.909] SetTextColor (hdc=0xdb010907, color=0xff00ff) returned 0x0 [0300.909] SetBkColor (hdc=0xdb010907, color=0xf0f0f0) returned 0x0 [0300.909] SetBkMode (hdc=0xdb010907, mode=1) returned 1 [0300.909] SelectObject (hdc=0xdb010907, h=0x580a0902) returned 0x320a08c8 [0300.909] GetViewportExtEx (in: hdc=0xdb010907, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0300.909] GetWindowExtEx (in: hdc=0xdb010907, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0300.909] SaveDC (hdc=0xdb010907) returned 2 [0300.909] IntersectClipRect (hdc=0xdb010907, left=72, top=296, right=769, bottom=385) returned 3 [0300.909] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe") returned 44 [0300.909] GetTextMetricsA (in: hdc=0xdb010907, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0300.909] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0300.909] TextOutA (hdc=0xdb010907, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", c=44) returned 1 [0300.909] GetTextExtentPointA (in: hdc=0xdb010907, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0300.909] RestoreDC (hdc=0xdb010907, nSavedDC=-1) returned 1 [0308.189] SetTextColor (hdc=0xdb010907, color=0x0) returned 0xff00ff [0308.189] SetBkColor (hdc=0xdb010907, color=0x0) returned 0xf0f0f0 [0308.189] SelectObject (hdc=0xdb010907, h=0x320a08c8) returned 0x580a0902 [0308.189] RestoreDC (hdc=0xdb010907, nSavedDC=1) returned 1 [0308.189] EndPaint (hWnd=0x301f8, lpPaint=0x19fab0) returned 1 [0308.192] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0308.192] IsWindow (hWnd=0x60346) returned 1 [0308.192] GetWindowLongA (hWnd=0x60346, nIndex=-16) returned 1409351872 [0308.193] IsIconic (hWnd=0x301f8) returned 0 [0308.193] GetParent (hWnd=0x60346) returned 0x301f8 [0308.193] TranslateMessage (lpMsg=0x19fe40) returned 0 [0308.193] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0308.193] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0308.193] GetCapture () returned 0x0 [0308.193] GetCapture () returned 0x0 [0308.193] IsWindow (hWnd=0x60346) returned 1 [0308.193] OleTranslateColor () returned 0x0 [0308.193] OleTranslateColor () returned 0x0 [0308.193] SetTextColor (hdc=0x10112f6, color=0x0) returned 0x0 [0308.193] SetBkColor (hdc=0x10112f6, color=0xffffff) returned 0xffffff [0308.193] OleTranslateColor () returned 0x0 [0308.194] GetCapture () returned 0x0 [0308.194] GetCapture () returned 0x0 [0308.194] IsWindow (hWnd=0x60346) returned 1 [0308.194] OleTranslateColor () returned 0x0 [0308.194] OleTranslateColor () returned 0x0 [0308.194] SetTextColor (hdc=0x10112f6, color=0x0) returned 0x0 [0308.194] SetBkColor (hdc=0x10112f6, color=0xffffff) returned 0xffffff [0308.194] OleTranslateColor () returned 0x0 [0329.488] GetFocus () returned 0x60346 [0329.488] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0329.489] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0329.489] IsWindow (hWnd=0x30378) returned 1 [0329.489] GetWindowLongA (hWnd=0x30378, nIndex=-16) returned 1140916224 [0329.490] IsIconic (hWnd=0x301f8) returned 0 [0329.490] GetParent (hWnd=0x30378) returned 0x301f8 [0329.490] TranslateMessage (lpMsg=0x19fe40) returned 0 [0329.490] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0329.490] KillTimer (hWnd=0x30378, uIDEvent=0x30378) returned 1 [0329.491] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0329.491] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.491] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0329.491] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0329.491] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0329.491] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.491] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0329.492] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0329.493] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0329.493] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0329.493] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0329.493] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0329.493] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0329.493] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.494] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0329.494] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0329.494] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0329.494] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.494] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b068 [0329.495] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0329.495] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0329.495] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0329.495] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0329.495] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b068 | out: hHeap=0x2220000) returned 1 [0329.496] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0329.496] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9db4, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0329.496] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0329.497] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0329.497] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0329.498] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0329.498] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0329.498] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0329.498] SetTimer (hWnd=0x30378, nIDEvent=0x30378, uElapse=0x2328, lpTimerFunc=0x0) returned 0x30378 [0329.498] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0329.498] IsWindow (hWnd=0x30336) returned 1 [0329.499] GetWindowLongA (hWnd=0x30336, nIndex=-16) returned 1140916224 [0329.499] IsIconic (hWnd=0x301f8) returned 0 [0329.499] GetParent (hWnd=0x30336) returned 0x301f8 [0329.499] TranslateMessage (lpMsg=0x19fe40) returned 0 [0329.499] DispatchMessageA (lpMsg=0x19fe40) [0329.499] KillTimer (hWnd=0x30336, uIDEvent=0x30336) returned 1 [0329.499] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x23, wSecond=0x2b, wMilliseconds=0x6b)) [0329.499] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0329.500] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.500] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0329.500] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0329.500] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0329.500] lstrcpyA (in: lpString1=0x2a43b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.500] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0329.500] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0329.501] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43b78 | out: hHeap=0x2220000) returned 1 [0329.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0329.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0329.501] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0329.501] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0329.501] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0329.501] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 0x2c [0329.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", cchWideChar=45, lpMultiByteStr=0x5c91dc, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", lpUsedDefaultChar=0x0) returned 45 [0329.501] lstrcmpA (lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-46820.exe", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 1 [0329.502] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 44 [0329.502] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43b78 [0329.502] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0329.502] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0329.502] InvalidateRect (hWnd=0x301f8, lpRect=0x19f8e8, bErase=1) returned 1 [0329.503] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0329.504] GetFocus () returned 0x60346 [0329.504] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0329.504] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0329.504] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0329.504] GetFocus () returned 0x60346 [0329.504] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0329.504] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="8", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0329.504] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="8", cbMultiByte=-1, lpWideCharStr=0x5a9f94, cchWideChar=2 | out: lpWideCharStr="8") returned 2 [0329.504] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0329.504] GetUserDefaultLCID () returned 0x409 [0329.504] VarR8FromStr (in: strIn="8", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0329.504] GetUserDefaultLCID () returned 0x409 [0329.504] VarBstrFromR8 (in: dblIn=0x0, lcid=0x40220000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0329.504] SysStringLen (param_1="9") returned 0x1 [0329.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="9", cchWideChar=2, lpMultiByteStr=0x5a9fbc, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9", lpUsedDefaultChar=0x0) returned 2 [0329.505] SetWindowTextA (hWnd=0x60346, lpString="9") [0329.505] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0329.505] GetFocus () returned 0x60346 [0329.505] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0329.505] lstrlenA (lpString="9") returned 1 [0329.505] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2) returned 0x2a43a50 [0329.505] GetWindowTextA (in: hWnd=0x60346, lpString=0x2a43a50, nMaxCount=2 | out: lpString="8") returned 1 [0329.505] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xd, wParam=0x2, lParam=0x2a43a50) returned 0x1 [0329.505] GetFocus () returned 0x60346 [0329.505] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0329.505] lstrcmpA (lpString1="8", lpString2="9") returned -1 [0329.505] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43a50 | out: hHeap=0x2220000) returned 1 [0329.505] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x60346, Msg=0xc, wParam=0x0, lParam=0x5a9fbc) [0329.506] GetCapture () returned 0x0 [0329.506] GetCapture () returned 0x0 [0329.506] IsWindow (hWnd=0x60346) returned 1 [0329.506] IsWindow (hWnd=0x60346) returned 1 [0329.506] GetCapture () returned 0x0 [0329.506] GetCapture () returned 0x0 [0329.506] IsWindow (hWnd=0x60346) returned 1 [0329.506] IsWindow (hWnd=0x60346) returned 1 [0329.506] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x23, wSecond=0x2b, wMilliseconds=0x7b)) [0329.506] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0329.507] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.507] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0329.507] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0329.507] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0329.507] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.507] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x1b) returned 0x2a43c20 [0329.507] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0329.507] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0329.508] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0329.508] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x5c52cc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0329.508] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43c20 | out: hHeap=0x2220000) returned 1 [0329.508] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe")) returned 0x2c [0329.508] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.508] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned 44 [0329.508] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0329.508] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43be8 [0329.508] lstrcpyA (in: lpString1=0x2a43bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" [0329.508] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0xe) returned 0x222b0f8 [0329.508] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43be8 | out: hHeap=0x2220000) returned 1 [0329.509] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0329.509] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0329.509] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-32917", cbMultiByte=-1, lpWideCharStr=0x5a9cc4, cchWideChar=14 | out: lpWideCharStr="Unicorn-32917") returned 14 [0329.509] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x222b0f8 | out: hHeap=0x2220000) returned 1 [0329.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpUsedDefaultChar=0x0) returned 45 [0329.509] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe", lpFilePart=0x19e9fc*="Unicorn-32917.exe") returned 0x2c [0329.509] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0329.616] GetLastError () returned 0x20 [0329.616] GetLastError () returned 0x20 [0329.616] SetLastError (dwErrCode=0x20) [0329.616] GetLastError () returned 0x20 [0329.616] SetLastError (dwErrCode=0x20) [0329.616] GetLastError () returned 0x20 [0329.616] SetLastError (dwErrCode=0x20) [0329.616] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0329.617] GetLastError () returned 0x20 [0329.617] GetLastError () returned 0x20 [0329.617] SetLastError (dwErrCode=0x20) [0329.617] GetLastError () returned 0x20 [0329.617] SetLastError (dwErrCode=0x20) [0329.617] GetLastError () returned 0x20 [0329.617] SetLastError (dwErrCode=0x20) [0329.617] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-32917.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-32917.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0329.617] GetFileType (hFile=0x254) returned 0x1 [0329.617] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0329.618] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0329.618] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75131 [0329.618] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0329.618] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0329.621] ReadFile (in: hFile=0x254, lpBuffer=0x5cda70, nNumberOfBytesToRead=0x75132, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesRead=0x19eb68*=0x75131, lpOverlapped=0x0) returned 1 [0329.624] CloseHandle (hObject=0x254) returned 1 [0329.625] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0329.625] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0329.625] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 44 [0329.625] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0329.625] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 44 [0329.625] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0329.626] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", cbMultiByte=-1, lpWideCharStr=0x5c91dc, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 45 [0329.626] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0329.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", lpUsedDefaultChar=0x0) returned 45 [0329.627] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", lpFilePart=0x19e9fc*="Unicorn-42288.exe") returned 0x2c [0329.627] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-42288.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0341.373] GetFileType (hFile=0x254) returned 0x1 [0341.373] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x5cd990 [0341.375] WriteFile (in: hFile=0x254, lpBuffer=0x5cda70*, nNumberOfBytesToWrite=0x75132, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x5cda70*, lpNumberOfBytesWritten=0x19e760*=0x75132, lpOverlapped=0x0) returned 1 [0341.389] CloseHandle (hObject=0x254) returned 1 [0341.406] IMalloc:Free (This=0x7627fec4, pv=0x5cd990) [0341.407] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 44 [0341.407] RtlAllocateHeap (HeapHandle=0x2220000, Flags=0x0, Size=0x2d) returned 0x2a43bb0 [0341.407] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 44 [0341.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0341.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", cbMultiByte=-1, lpWideCharStr=0x5c91dc, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe") returned 45 [0341.408] HeapFree (in: hHeap=0x2220000, dwFlags=0x0, lpMem=0x2a43bb0 | out: hHeap=0x2220000) returned 1 [0341.408] CreateProcessW (lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-42288.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44) Thread: id = 4 os_tid = 0x14fc Thread: id = 36 os_tid = 0x1644 [0145.693] GetCurrentThreadId () returned 0x1644 [0250.015] GetCurrentThreadId () returned 0x1644 Thread: id = 37 os_tid = 0xdc8 [0146.546] GetCurrentThreadId () returned 0xdc8 [0250.014] GetCurrentThreadId () returned 0xdc8 Process: id = "3" image_name = "unicorn-44780.exe" filename = "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe" page_root = "0x493e4000" os_pid = "0x1524" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x17f8" cmd_line = "C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001df9c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 493 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 494 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 495 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 496 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 497 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 498 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 499 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 500 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 501 start_va = 0x400000 end_va = 0x474fff monitored = 1 entry_point = 0x4013d4 region_type = mapped_file name = "unicorn-44780.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe") Region: id = 502 start_va = 0x77df0000 end_va = 0x77f91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 503 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 504 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 505 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 506 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 507 start_va = 0x7ff8805b0000 end_va = 0x7ff8807a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 524 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 525 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 526 start_va = 0x480000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 527 start_va = 0x7ff87eee0000 end_va = 0x7ff87ef38fff monitored = 0 entry_point = 0x7ff87eef8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 528 start_va = 0x7ff87f5e0000 end_va = 0x7ff87f662fff monitored = 0 entry_point = 0x7ff87f5efb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 529 start_va = 0x77de0000 end_va = 0x77de9fff monitored = 0 entry_point = 0x77de12e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 530 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 531 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 532 start_va = 0x5e0000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 533 start_va = 0x77990000 end_va = 0x77a7ffff monitored = 0 entry_point = 0x779af5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 534 start_va = 0x75e20000 end_va = 0x76032fff monitored = 0 entry_point = 0x75f34030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 550 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 551 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 552 start_va = 0x480000 end_va = 0x548fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 553 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 554 start_va = 0x75c30000 end_va = 0x75ccefff monitored = 0 entry_point = 0x75c685c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 555 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 556 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 563 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 564 start_va = 0x760000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 565 start_va = 0x860000 end_va = 0x9b2fff monitored = 1 entry_point = 0x861af8 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 575 start_va = 0x77be0000 end_va = 0x77d73fff monitored = 0 entry_point = 0x77c19860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 576 start_va = 0x77390000 end_va = 0x773a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 577 start_va = 0x77050000 end_va = 0x77072fff monitored = 0 entry_point = 0x770573c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 578 start_va = 0x75cd0000 end_va = 0x75daafff monitored = 0 entry_point = 0x75d2fc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 579 start_va = 0x77310000 end_va = 0x7738afff monitored = 0 entry_point = 0x77327800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 580 start_va = 0x77100000 end_va = 0x7721ffff monitored = 0 entry_point = 0x7712b170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 581 start_va = 0x76670000 end_va = 0x766e8fff monitored = 0 entry_point = 0x76681a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 582 start_va = 0x77220000 end_va = 0x772defff monitored = 0 entry_point = 0x77255ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 583 start_va = 0x77080000 end_va = 0x770f4fff monitored = 0 entry_point = 0x7709f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 584 start_va = 0x773b0000 end_va = 0x77469fff monitored = 0 entry_point = 0x773ea2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 585 start_va = 0x76340000 end_va = 0x76422fff monitored = 0 entry_point = 0x7636c600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 586 start_va = 0x76040000 end_va = 0x762bffff monitored = 0 entry_point = 0x7617a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 587 start_va = 0x76890000 end_va = 0x7692afff monitored = 0 entry_point = 0x768c5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 599 start_va = 0x30000 end_va = 0x37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 600 start_va = 0x550000 end_va = 0x572fff monitored = 0 entry_point = 0x554410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 601 start_va = 0x9c0000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 602 start_va = 0x772e0000 end_va = 0x77304fff monitored = 0 entry_point = 0x772e4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 603 start_va = 0xbc0000 end_va = 0xd40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 604 start_va = 0xd50000 end_va = 0x2150fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 605 start_va = 0x2160000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 606 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 607 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 608 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 609 start_va = 0x2160000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 610 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 611 start_va = 0x2320000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 616 start_va = 0x2720000 end_va = 0x2a57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 617 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 618 start_va = 0x2210000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 619 start_va = 0x759a0000 end_va = 0x759aefff monitored = 0 entry_point = 0x759a4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 620 start_va = 0x762e0000 end_va = 0x7633bfff monitored = 0 entry_point = 0x76310900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 621 start_va = 0x74f30000 end_va = 0x74fa3fff monitored = 0 entry_point = 0x74f67550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 622 start_va = 0x2160000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 623 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 630 start_va = 0x2210000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 631 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 632 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 638 start_va = 0x717c0000 end_va = 0x71847fff monitored = 0 entry_point = 0x717db9a0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 639 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 640 start_va = 0x77470000 end_va = 0x77541fff monitored = 0 entry_point = 0x774bd9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 641 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 642 start_va = 0x5c0000 end_va = 0x5c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 643 start_va = 0x2a60000 end_va = 0x2b5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a60000" filename = "" Region: id = 649 start_va = 0x71580000 end_va = 0x71595fff monitored = 0 entry_point = 0x71590a40 region_type = mapped_file name = "asycfilt.dll" filename = "\\Windows\\SysWOW64\\asycfilt.dll" (normalized: "c:\\windows\\syswow64\\asycfilt.dll") Region: id = 656 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 657 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 658 start_va = 0x2b60000 end_va = 0x2d1dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 659 start_va = 0x2d20000 end_va = 0x2e01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d20000" filename = "" Region: id = 660 start_va = 0x5e0000 end_va = 0x5e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 661 start_va = 0x5f0000 end_va = 0x5f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 662 start_va = 0x2160000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 663 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 664 start_va = 0x2e10000 end_va = 0x3002fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e10000" filename = "" Region: id = 665 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 666 start_va = 0x6fa60000 end_va = 0x6fb18fff monitored = 0 entry_point = 0x6fa9fcd0 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\SysWOW64\\TextInputFramework.dll" (normalized: "c:\\windows\\syswow64\\textinputframework.dll") Region: id = 667 start_va = 0x6f740000 end_va = 0x6f9bdfff monitored = 0 entry_point = 0x6f79e8f0 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 668 start_va = 0x77b30000 end_va = 0x77bb6fff monitored = 0 entry_point = 0x77b72d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 669 start_va = 0x6f9c0000 end_va = 0x6fa5afff monitored = 0 entry_point = 0x6fa20d90 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 679 start_va = 0x6f710000 end_va = 0x6f738fff monitored = 0 entry_point = 0x6f717e90 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 680 start_va = 0x75db0000 end_va = 0x75e12fff monitored = 0 entry_point = 0x75db4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 681 start_va = 0x71d90000 end_va = 0x71e6cfff monitored = 0 entry_point = 0x71e07530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 682 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 693 start_va = 0x3010000 end_va = 0x426ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 694 start_va = 0x70870000 end_va = 0x70904fff monitored = 0 entry_point = 0x708ffe80 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\SysWOW64\\TextShaping.dll" (normalized: "c:\\windows\\syswow64\\textshaping.dll") Region: id = 724 start_va = 0x4270000 end_va = 0x4761fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004270000" filename = "" Region: id = 725 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1268 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1982 start_va = 0x610000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 1983 start_va = 0x2210000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 1984 start_va = 0x22a0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1985 start_va = 0x4270000 end_va = 0x436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004270000" filename = "" Region: id = 1986 start_va = 0x4370000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 1987 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 3899 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 5546 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 7090 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 9117 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 5 os_tid = 0x15c8 [0119.610] GetVersion () returned 0x23f00206 [0119.610] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77990000 [0119.610] GetProcAddress (hModule=0x77990000, lpProcName="IsTNT") returned 0x0 [0119.610] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x2200000 [0119.611] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0x2320000 [0119.611] VirtualAlloc (lpAddress=0x2320000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x2320000 [0119.708] GetCurrentThreadId () returned 0x15c8 [0119.708] GetCommandLineA () returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0119.708] GetEnvironmentStringsW () returned 0x67b4e0* [0119.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1566 [0119.709] RtlAllocateHeap (HeapHandle=0x2200000, Flags=0x0, Size=0x620) returned 0x22005b8 [0119.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x22005b8, cbMultiByte=1566, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1566 [0119.709] FreeEnvironmentStringsW (penv=0x67b4e0) returned 1 [0119.709] RtlAllocateHeap (HeapHandle=0x2200000, Flags=0x0, Size=0x480) returned 0x2200be0 [0119.709] GetStartupInfoA (in: lpStartupInfo=0x19f8a0 | out: lpStartupInfo=0x19f8a0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0119.709] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0119.709] GetFileType (hFile=0x0) returned 0x0 [0119.709] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0119.709] GetFileType (hFile=0x0) returned 0x0 [0119.709] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.709] GetFileType (hFile=0x0) returned 0x0 [0119.709] SetHandleCount (uNumber=0x20) returned 0x20 [0119.709] GetACP () returned 0x4e4 [0119.709] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f8c8 | out: lpCPInfo=0x19f8c8) returned 1 [0119.710] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x96c528, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0119.716] HeapFree (in: hHeap=0x2200000, dwFlags=0x0, lpMem=0x22005b8 | out: hHeap=0x2200000) returned 1 [0119.716] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x77990000 [0119.716] GetProcAddress (hModule=0x77990000, lpProcName="IsProcessorFeaturePresent") returned 0x779b0ad0 [0119.716] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0119.716] RtlAllocateHeap (HeapHandle=0x2200000, Flags=0x8, Size=0x800) returned 0x2201068 [0119.717] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x170 [0119.717] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x174 [0119.717] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0119.717] GetModuleFileNameA (in: hModule=0x860000, lpFilename=0x96e6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0119.717] GetVersion () returned 0x23f00206 [0119.717] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0119.721] GetUserDefaultLCID () returned 0x409 [0119.721] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0119.721] GetSystemMetrics (nIndex=5) returned 1 [0119.721] GetSystemMetrics (nIndex=6) returned 1 [0119.721] GetSystemMetrics (nIndex=11) returned 32 [0119.722] GetSystemMetrics (nIndex=12) returned 32 [0119.722] GetSystemMetrics (nIndex=34) returned 136 [0119.722] GetSystemMetrics (nIndex=35) returned 39 [0119.722] GetSystemMetrics (nIndex=0) returned 1440 [0119.722] GetSystemMetrics (nIndex=1) returned 900 [0119.722] GetSystemMetrics (nIndex=32) returned 8 [0119.722] GetSystemMetrics (nIndex=33) returned 8 [0119.722] GetSystemMetrics (nIndex=42) returned 0 [0119.722] GetStockObject (i=15) returned 0x88000b [0119.722] GetStockObject (i=7) returned 0xb00017 [0119.722] GetStockObject (i=6) returned 0xb00018 [0119.723] GetStockObject (i=8) returned 0xb00016 [0119.723] GetStockObject (i=4) returned 0x900011 [0119.723] GetStockObject (i=2) returned 0x900012 [0119.723] GetStockObject (i=0) returned 0x900010 [0119.723] GetStockObject (i=5) returned 0x900015 [0119.723] GetStockObject (i=13) returned 0x58a00b4 [0119.723] GetDC (hWnd=0x0) returned 0x3b010920 [0119.724] GetTextExtentPointA (in: hdc=0x3b010920, lpString="0", c=1, lpsz=0x19f8c4 | out: lpsz=0x19f8c4) returned 1 [0119.726] GetDeviceCaps (hdc=0x3b010920, index=14) returned 1 [0119.726] GetDeviceCaps (hdc=0x3b010920, index=12) returned 32 [0119.726] GetDeviceCaps (hdc=0x3b010920, index=88) returned 96 [0119.726] GetDeviceCaps (hdc=0x3b010920, index=90) returned 96 [0119.726] GetDeviceCaps (hdc=0x3b010920, index=38) returned 32409 [0119.726] ReleaseDC (hWnd=0x0, hDC=0x3b010920) returned 1 [0119.726] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0x22e0000 [0119.727] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x96e7d0 | out: ppMalloc=0x96e7d0*=0x7627fec4) returned 0x0 [0119.727] GetCurrentThreadId () returned 0x15c8 [0119.728] GetStartupInfoA (in: lpStartupInfo=0x19ff08 | out: lpStartupInfo=0x19ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0119.728] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x104) returned 0x22e05b8 [0119.728] GetCurrentThreadId () returned 0x15c8 [0119.728] GetCurrentThreadId () returned 0x15c8 [0119.728] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xec8) returned 0x22e06c8 [0119.728] GetCommandLineA () returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0119.729] lstrlenA (lpString="") returned 0 [0119.729] lstrcpyA (in: lpString1=0x19fe94, lpString2="" | out: lpString1="") returned="" [0119.729] SetErrorMode (uMode=0x8001) returned 0x8001 [0119.729] GetModuleFileNameA (in: hModule=0x860000, lpFilename=0x19fb50, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0119.729] GetUserDefaultLCID () returned 0x409 [0119.729] GetUserDefaultLCID () returned 0x409 [0119.729] LoadStringA (in: hInstance=0x860000, uID=0x7d1, lpBuffer=0x19fc54, cchBufferMax=8 | out: lpBuffer="409") returned 0x3 [0119.729] GetSystemDefaultLCID () returned 0x409 [0119.729] GetUserDefaultLCID () returned 0x409 [0119.729] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x19fc5e, cchData=2 | out: lpLCData=".") returned 2 [0119.729] GetStockObject (i=13) returned 0x58a00b4 [0119.729] GetObjectA (in: h=0x58a00b4, c=60, pv=0x19fc24 | out: pv=0x19fc24) returned 60 [0119.729] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x19fc20, cchData=4 | out: lpLCData="ENU") returned 4 [0119.729] lstrcpyA (in: lpString1=0x19fc50, lpString2="EN" | out: lpString1="EN") returned="EN" [0119.730] lstrlenA (lpString="{xx}") returned 4 [0119.730] lstrlenA (lpString="VB98.CHM") returned 8 [0119.730] lstrcpyA (in: lpString1=0x96eae8, lpString2="VB98.CHM" | out: lpString1="VB98.CHM") returned="VB98.CHM" [0119.730] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x19fc20, cchData=4 | out: lpLCData="ENU") returned 4 [0119.730] lstrcpyA (in: lpString1=0x19fc50, lpString2="EN" | out: lpString1="EN") returned="EN" [0119.730] lstrlenA (lpString="{xx}") returned 4 [0119.730] lstrlenA (lpString="VBENLR98.CHM") returned 12 [0119.730] lstrcpyA (in: lpString1=0x96ebf0, lpString2="VBENLR98.CHM" | out: lpString1="VBENLR98.CHM") returned="VBENLR98.CHM" [0119.730] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19fd78, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0119.730] GetModuleFileNameA (in: hModule=0x860000, lpFilename=0x19fc74, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0119.730] lstrcpynA (in: lpString1=0x19fb58, lpString2="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL", iMaxLength=260 | out: lpString1="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" [0119.730] lstrlenA (lpString="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned 32 [0119.730] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x21) returned 0x22e1598 [0119.730] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x21) returned 0x22e15c8 [0119.730] lstrcpyA (in: lpString1=0x22e1598, lpString2="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" | out: lpString1="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL") returned="C:\\Windows\\SYSTEM32\\MSVBVM60.DLL" [0119.730] LCMapStringA (in: Locale=0x409, dwMapFlags=0x200, lpSrcStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cchSrc=-1, lpDestStr=0x19fb38, cchDest=260 | out: lpDestStr="C:\\USERS\\OQXZRAYKM\\DESKTOP\\UNICORN-44780.EXE") returned 45 [0119.732] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x19fc3c, dwRevision=0x1 | out: pSecurityDescriptor=0x19fc3c) returned 1 [0119.732] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x19fc3c, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x19fc3c) returned 1 [0119.732] CreateSemaphoreA (lpSemaphoreAttributes=0x19fc50, lInitialCount=0, lMaximumCount=2147483647, lpName="C:?USERS?OQXZRAYKM?DESKTOP?UNICORN-44780.EXE") returned 0x17c [0119.733] GetLastError () returned 0x0 [0119.733] GetVersionExA (in: lpVersionInformation=0x19fbb4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fbb4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0119.733] OleInitialize (pvReserved=0x0) returned 0x0 [0120.429] OaBuildVersion () returned 0x321396 [0120.430] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x76890000 [0120.430] GetLastError () returned 0x0 [0120.430] GetProcAddress (hModule=0x76890000, lpProcName="OleLoadPictureEx") returned 0x76901420 [0120.430] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc150 [0120.430] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc06e [0120.430] GetClassInfoA (in: hInstance=0x860000, lpClassName="VBFocusRT6", lpWndClass=0x19fc1c | out: lpWndClass=0x19fc1c) returned 0 [0120.431] RegisterClassA (lpWndClass=0x19fc1c) returned 0xc1cd [0120.431] GetClassInfoA (in: hInstance=0x860000, lpClassName="VBBubbleRT6", lpWndClass=0x19fc1c | out: lpWndClass=0x19fc1c) returned 0 [0120.431] RegisterClassA (lpWndClass=0x19fc1c) returned 0xc1cb [0120.431] HeapCreate (flOptions=0x0, dwInitialSize=0x400, dwMaximumSize=0x0) returned 0x22a0000 [0120.432] GetUserDefaultLCID () returned 0x409 [0120.432] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x3a4) returned 0x22e15f8 [0120.432] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x3a4) returned 0x22e19a8 [0120.432] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xd4) returned 0x22e1d58 [0120.432] GetSystemInfo (in: lpSystemInfo=0x19fbdc | out: lpSystemInfo=0x19fbdc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0120.433] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x590000 [0120.433] VirtualAlloc (lpAddress=0x590000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0120.433] VirtualAlloc (lpAddress=0x590000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0120.433] VirtualAlloc (lpAddress=0x590000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0120.434] VirtualAlloc (lpAddress=0x590000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0120.434] VirtualAlloc (lpAddress=0x590000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0120.434] VirtualAlloc (lpAddress=0x590000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0120.435] VirtualProtect (in: lpAddress=0x590000, dwSize=0x6000, flNewProtect=0x20, lpflOldProtect=0x19fc38 | out: lpflOldProtect=0x19fc38*=0x4) returned 1 [0120.437] GetCurrentProcess () returned 0xffffffff [0120.437] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x590000, dwSize=0x6000) returned 1 [0120.437] GlobalAddAtomA (lpString="VBDisabled") returned 0xc0bf [0120.437] GetVersion () returned 0x23f00206 [0120.437] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76890000 [0120.437] GetProcAddress (hModule=0x76890000, lpProcName="DispCallFunc") returned 0x768cc800 [0120.437] GetProcAddress (hModule=0x76890000, lpProcName="LoadTypeLibEx") returned 0x768b0c50 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="UnRegisterTypeLib") returned 0x768e5c70 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="CreateTypeLib2") returned 0x768c4e70 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="VarDateFromUdate") returned 0x768c07b0 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="VarUdateFromDate") returned 0x768a6e60 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="GetAltMonthNames") returned 0x768fc880 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="VarNumFromParseNum") returned 0x768a75e0 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="VarParseNumFromStr") returned 0x768aed30 [0120.438] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromR4") returned 0x76901ff0 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromR8") returned 0x76902250 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromDate") returned 0x76901e50 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromI4") returned 0x76901f40 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="VarDecFromCy") returned 0x76901e10 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="VarR4FromDec") returned 0x76902870 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x76900a10 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="GetRecordInfoFromGuids") returned 0x76900920 [0120.439] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayGetRecordInfo") returned 0x76901730 [0120.440] GetProcAddress (hModule=0x76890000, lpProcName="SafeArraySetRecordInfo") returned 0x76901780 [0120.440] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayGetIID") returned 0x769016f0 [0120.440] GetProcAddress (hModule=0x76890000, lpProcName="SafeArraySetIID") returned 0x768c0e80 [0120.440] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayCopyData") returned 0x768aa340 [0120.440] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x768aa5b0 [0120.440] GetProcAddress (hModule=0x76890000, lpProcName="SafeArrayCreateEx") returned 0x769015d0 [0120.441] GetProcAddress (hModule=0x76890000, lpProcName="VarFormat") returned 0x76904d40 [0120.441] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatDateTime") returned 0x76904eb0 [0120.441] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatNumber") returned 0x76906cd0 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatPercent") returned 0x76906d80 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarFormatCurrency") returned 0x76904e00 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarWeekdayName") returned 0x769070d0 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarMonthName") returned 0x76906e20 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarAdd") returned 0x768ce420 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarAnd") returned 0x768c0a60 [0120.442] GetProcAddress (hModule=0x76890000, lpProcName="VarCat") returned 0x768c0460 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarDiv") returned 0x768f7350 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarEqv") returned 0x768f7cb0 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarIdiv") returned 0x768f7cf0 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarImp") returned 0x768f7e70 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarMod") returned 0x768f7f50 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarMul") returned 0x768cece0 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarOr") returned 0x768f8160 [0120.443] GetProcAddress (hModule=0x76890000, lpProcName="VarPow") returned 0x768f7990 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarSub") returned 0x768cf5b0 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarXor") returned 0x768f8300 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarAbs") returned 0x768f67f0 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarFix") returned 0x768f6aa0 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarInt") returned 0x768f6c50 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarNeg") returned 0x768f6e10 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarNot") returned 0x768f80b0 [0120.444] GetProcAddress (hModule=0x76890000, lpProcName="VarRound") returned 0x768f7040 [0120.445] GetProcAddress (hModule=0x76890000, lpProcName="VarCmp") returned 0x768a4ae0 [0120.445] GetProcAddress (hModule=0x76890000, lpProcName="VarDecAdd") returned 0x768cbfa0 [0120.445] GetProcAddress (hModule=0x76890000, lpProcName="VarDecCmp") returned 0x768cc780 [0120.445] GetProcAddress (hModule=0x76890000, lpProcName="VarBstrCat") returned 0x768a6870 [0120.445] GetProcAddress (hModule=0x76890000, lpProcName="VarCyMulI4") returned 0x768cb9d0 [0120.445] GetProcAddress (hModule=0x76890000, lpProcName="VarBstrCmp") returned 0x768a5040 [0120.445] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76340000 [0120.445] GetProcAddress (hModule=0x76340000, lpProcName="CoCreateInstanceEx") returned 0x761641d0 [0120.446] GetProcAddress (hModule=0x76340000, lpProcName="CLSIDFromProgIDEx") returned 0x761748e0 [0120.446] GetSystemMetrics (nIndex=42) returned 0 [0120.446] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x96e688 | out: ppMalloc=0x96e688*=0x7627fec4) returned 0x0 [0120.446] IMalloc:Alloc (This=0x7627fec4, cb=0x4) returned 0x675a90 [0120.446] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f950, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0120.446] lstrcatA (in: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpString2=".cfg" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe.cfg") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe.cfg" [0120.446] SetLastError (dwErrCode=0x0) [0120.446] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe.cfg", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x19f84c, lpFilePart=0x19f820 | out: lpBuffer="hù\x19", lpFilePart=0x19f820*="\x8bÿU\x8bì\x83ì\x18SVW\x8b}\x0cÆEÿ") returned 0x0 [0120.447] SetLastError (dwErrCode=0x2) [0120.447] GetLastError () returned 0x2 [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="MTX") returned 1 [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="DLLHOST") returned 1 [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="INETINFO") returned 1 [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="W3WP") returned -1 [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="ASPNET_WP") returned 1 [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="DLLHST3G") returned 1 [0120.447] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19f944, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0120.447] lstrcmpiA (lpString1="Unicorn-44780", lpString2="IEXPLORE") returned 1 [0120.448] LoadLibraryA (lpLibFileName="SXS.DLL") returned 0x717c0000 [0120.870] GetLastError () returned 0x0 [0120.870] GetProcAddress (hModule=0x717c0000, lpProcName="SxsOleAut32MapIIDOrCLSIDToTypeLibrary") returned 0x7182a250 [0120.870] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="", cbMultiByte=-1, lpWideCharStr=0x19fe90, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0120.871] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x1c) returned 0x22e1e38 [0120.872] CoRegisterMessageFilter (in: lpMessageFilter=0x22e1e3c, lplpMessageFilter=0x22e1e44 | out: lplpMessageFilter=0x22e1e44*=0x0) returned 0x0 [0120.872] IUnknown:AddRef (This=0x22e1e3c) returned 0x2 [0120.873] GetClassInfoExA (in: hInstance=0x860000, lpszClass="ThunderRT6Main", lpwcx=0x19fe60 | out: lpwcx=0x19fe60) returned 0 [0120.873] LoadIconA (hInstance=0x400000, lpIconName=0x1) returned 0x4032b [0120.882] GetModuleHandleA (lpModuleName="USER32") returned 0x77be0000 [0120.882] GetProcAddress (hModule=0x77be0000, lpProcName="GetSystemMetrics") returned 0x77c11aa0 [0120.882] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromWindow") returned 0x77c15fb0 [0120.882] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromRect") returned 0x77c06270 [0120.882] GetProcAddress (hModule=0x77be0000, lpProcName="MonitorFromPoint") returned 0x77c0db10 [0120.882] GetProcAddress (hModule=0x77be0000, lpProcName="EnumDisplayMonitors") returned 0x77c1e260 [0120.883] GetProcAddress (hModule=0x77be0000, lpProcName="GetMonitorInfoA") returned 0x77c016a0 [0120.883] GetSystemMetrics (nIndex=0) returned 1440 [0120.883] GetSystemMetrics (nIndex=78) returned 1440 [0120.883] GetSystemMetrics (nIndex=1) returned 900 [0120.883] GetSystemMetrics (nIndex=79) returned 900 [0120.883] GetSystemMetrics (nIndex=50) returned 16 [0120.883] GetSystemMetrics (nIndex=49) returned 16 [0120.883] LoadImageA (hInst=0x400000, name=0x1, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x11016b [0120.884] RegisterClassExA (param_1=0x19fe60) returned 0xc1dc [0120.885] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderRT6Main", lpWindowName=0x0, dwStyle=0x80090000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x20344 [0121.190] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x81, wParam=0x0, lParam=0x19f9d8) returned 0x1 [0121.207] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x83, wParam=0x0, lParam=0x19f9c4) returned 0x0 [0121.208] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x1, wParam=0x0, lParam=0x19f9d8) returned 0x0 [0121.208] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0121.209] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0121.209] MonitorFromWindow (hwnd=0x20344, dwFlags=0x2) returned 0x10001 [0121.209] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19fe68 | out: lpmi=0x19fe68) returned 1 [0121.209] SetWindowPos (hWnd=0x20344, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0121.211] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x46, wParam=0x0, lParam=0x19fe0c) returned 0x0 [0121.212] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x47, wParam=0x0, lParam=0x19fe0c) returned 0x0 [0121.212] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x3, wParam=0x0, lParam=0x1c202d0) returned 0x0 [0121.212] ShowWindow (hWnd=0x20344, nCmdShow=4) returned 0 [0121.212] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0121.213] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x46, wParam=0x0, lParam=0x19fe1c) returned 0x0 [0121.227] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x47, wParam=0x0, lParam=0x19fe1c) returned 0x0 [0121.227] GetWindowThreadProcessId (in: hWnd=0x20344, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x15c8 [0121.227] VirtualQuery (in: lpAddress=0x19fe90, lpBuffer=0x19fe74, dwLength=0x1c | out: lpBuffer=0x19fe74*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0121.228] GetUserDefaultLCID () returned 0x409 [0121.228] IsValidCodePage (CodePage=0x3a4) returned 1 [0121.228] IsValidCodePage (CodePage=0x3b5) returned 1 [0121.228] IsValidCodePage (CodePage=0x3b6) returned 1 [0121.229] IsValidCodePage (CodePage=0x3a8) returned 1 [0121.234] GetUserDefaultLangID () returned 0x409 [0121.234] GetSystemDefaultLangID () returned 0x670409 [0121.234] GetSystemMetrics (nIndex=42) returned 0 [0121.235] IMalloc:Alloc (This=0x7627fec4, cb=0xa8) returned 0x670e88 [0121.235] IMalloc:GetSize (This=0x7627fec4, pv=0x670e88) returned 0xa8 [0121.235] IMalloc:Alloc (This=0x7627fec4, cb=0xc) returned 0x684da8 [0121.235] GetCurrentThreadId () returned 0x15c8 [0121.235] IMalloc:Alloc (This=0x7627fec4, cb=0x3c) returned 0x676bb8 [0121.235] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x679eb8 [0121.235] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x19fe5c | out: phkResult=0x19fe5c*=0x0) returned 0x2 [0121.236] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x679ee0 [0121.236] GetCurrentThreadId () returned 0x15c8 [0121.236] SetWindowsHookExA (idHook=-1, lpfn=0x8c1e09, hmod=0x0, dwThreadId=0x15c8) returned 0x6015d [0121.236] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x14) returned 0x22e1e60 [0121.236] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x80) returned 0x22e1e80 [0121.236] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x10) returned 0x22e1f08 [0121.236] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x2c) returned 0x22e1f20 [0121.236] GetClassInfoA (in: hInstance=0x860000, lpClassName="VBMsoStdCompMgr", lpWndClass=0x19fdb4 | out: lpWndClass=0x19fdb4) returned 0 [0121.237] RegisterClassA (lpWndClass=0x19fdb4) returned 0xc1de [0121.237] CreateWindowExA (dwExStyle=0x0, lpClassName="VBMsoStdCompMgr", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x20366 [0121.237] NtdllDefWindowProc_A (hWnd=0x20366, Msg=0x81, wParam=0x0, lParam=0x19f988) returned 0x1 [0121.238] NtdllDefWindowProc_A (hWnd=0x20366, Msg=0x83, wParam=0x0, lParam=0x19f974) returned 0x0 [0121.239] NtdllDefWindowProc_A (hWnd=0x20366, Msg=0x1, wParam=0x0, lParam=0x19f988) returned 0x0 [0121.239] NtdllDefWindowProc_A (hWnd=0x20366, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0121.240] NtdllDefWindowProc_A (hWnd=0x20366, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0121.247] SetWindowLongA (hWnd=0x20366, nIndex=0, dwNewLong=36576900) returned 0 [0121.247] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x38) returned 0x22e1f58 [0121.247] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x18) returned 0x22e1f98 [0121.247] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x10) returned 0x22e1fb8 [0121.247] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0121.247] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0121.248] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0121.248] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0121.248] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0121.248] RegisterClipboardFormatA (lpszFormat="OwnerLink") returned 0xc003 [0121.248] RegisterClipboardFormatA (lpszFormat="FileName") returned 0xc006 [0121.248] CreateCompatibleDC (hdc=0x0) returned 0x2b0108dc [0121.248] GetCurrentObject (hdc=0x2b0108dc, type=0x7) returned 0x85000f [0121.248] CreateWindowExA (dwExStyle=0x0, lpClassName="VBFocusRT6", lpWindowName=0x0, dwStyle=0x40000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x20344, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x20342 [0121.250] NtdllDefWindowProc_A (hWnd=0x20342, Msg=0x81, wParam=0x0, lParam=0x19fa18) returned 0x1 [0121.250] NtdllDefWindowProc_A (hWnd=0x20342, Msg=0x83, wParam=0x0, lParam=0x19fa04) returned 0x0 [0121.251] NtdllDefWindowProc_A (hWnd=0x20342, Msg=0x1, wParam=0x0, lParam=0x19fa18) returned 0x0 [0121.251] NtdllDefWindowProc_A (hWnd=0x20342, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0121.251] NtdllDefWindowProc_A (hWnd=0x20342, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0121.251] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x210, wParam=0x1, lParam=0x20342) returned 0x0 [0121.252] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x18) returned 0x22e1fd0 [0121.252] RtlAllocateHeap (HeapHandle=0x22a0000, Flags=0x8, Size=0x114) returned 0x22a05b8 [0121.252] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x5c) returned 0x22e1ff0 [0121.252] GetCurrentThreadId () returned 0x15c8 [0121.252] GetCurrentThreadId () returned 0x15c8 [0121.252] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x10) returned 0x22e2058 [0121.252] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x30) returned 0x22e2070 [0121.252] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x434) returned 0x22e20a8 [0121.252] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x434) returned 0x22e24e8 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x3c) returned 0x22e2928 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e2970 [0121.253] lstrlenA (lpString="VB") returned 2 [0121.253] lstrlenA (lpString="Label") returned 5 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x9) returned 0x22e2a90 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x34) returned 0x22e2aa8 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xf0) returned 0x22e2ae8 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x48) returned 0x22e2be0 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1f4) returned 0x22e2c30 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x28) returned 0x22e2e30 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e2e60 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x28) returned 0x22e2e80 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e2eb0 [0121.253] lstrlenA (lpString="VB") returned 2 [0121.253] lstrlenA (lpString="TextBox") returned 7 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xb) returned 0x22e2fd0 [0121.253] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x38) returned 0x22e2fe8 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x120) returned 0x22e3028 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x60) returned 0x22e3150 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x250) returned 0x22e31b8 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e3410 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e3430 [0121.254] lstrlenA (lpString="VB") returned 2 [0121.254] lstrlenA (lpString="Timer") returned 5 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x9) returned 0x22e3550 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xc) returned 0x22e3568 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x30) returned 0x22e3580 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x4) returned 0x22e35b8 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x9c) returned 0x22e35c8 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e3670 [0121.254] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e3690 [0121.255] lstrlenA (lpString="VB") returned 2 [0121.255] lstrlenA (lpString="Printer") returned 7 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xb) returned 0x22e37b0 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xdc) returned 0x22e37c8 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e38b0 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e38d0 [0121.255] lstrlenA (lpString="VB") returned 2 [0121.255] lstrlenA (lpString="Form") returned 4 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x8) returned 0x22e39f0 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x184) returned 0x22e3a00 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x7c) returned 0x22e3b90 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2f8) returned 0x22e3c18 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e3f18 [0121.255] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e3f38 [0121.256] lstrlenA (lpString="VB") returned 2 [0121.256] lstrlenA (lpString="Screen") returned 6 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xa) returned 0x22e4058 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x2c) returned 0x22e4070 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xa0) returned 0x22e40a8 [0121.256] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22e2e30, Size=0x50) returned 0x22e4150 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e2e30 [0121.256] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22e2e80, Size=0x50) returned 0x22e41a8 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e4200 [0121.256] lstrlenA (lpString="VB") returned 2 [0121.256] lstrlenA (lpString="Clipboard") returned 9 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xd) returned 0x22e2e80 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x1c) returned 0x22e4320 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x68) returned 0x22e4348 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e43b8 [0121.256] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e43d8 [0121.257] lstrlenA (lpString="VB") returned 2 [0121.257] lstrlenA (lpString="MDIForm") returned 7 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xb) returned 0x22e2e98 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x184) returned 0x22e44f8 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x7c) returned 0x22e4688 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2f8) returned 0x22e4710 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e4a10 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e4a30 [0121.257] lstrlenA (lpString="VB") returned 2 [0121.257] lstrlenA (lpString="App") returned 3 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x7) returned 0x22e2e50 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x84) returned 0x22e4b50 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x148) returned 0x22e4be0 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e4d30 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e4d50 [0121.257] lstrlenA (lpString="VB") returned 2 [0121.257] lstrlenA (lpString="UserControl") returned 11 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xf) returned 0x22e4e70 [0121.257] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x1e4) returned 0x22e4e88 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xb0) returned 0x22e5078 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x3a4) returned 0x22e5130 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e54e0 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e5500 [0121.258] lstrlenA (lpString="VB") returned 2 [0121.258] lstrlenA (lpString="PropertyPage") returned 12 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x10) returned 0x22e5620 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x190) returned 0x22e5638 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x88) returned 0x22e57d0 [0121.258] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x310) returned 0x22e5860 [0121.258] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22e4150, Size=0x78) returned 0x22e5b78 [0121.258] lstrcmpiA (lpString1="VB.MDIForm", lpString2="VB.PropertyPage") returned -1 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e4150 [0121.259] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22e41a8, Size=0x78) returned 0x22e5bf8 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e5c78 [0121.259] lstrlenA (lpString="VB") returned 2 [0121.259] lstrlenA (lpString="UserDocument") returned 12 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x10) returned 0x22e4170 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x1c8) returned 0x22e5d98 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xa8) returned 0x22e5f68 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x370) returned 0x22e6018 [0121.259] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e4188 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x20) returned 0x22e41a8 [0121.260] RtlAllocateHeap (HeapHandle=0x22a0000, Flags=0x8, Size=0x30) returned 0x22a06d8 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xa0) returned 0x22e6390 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22e41d0 [0121.260] GetCurrentThreadId () returned 0x15c8 [0121.260] GetCurrentThreadId () returned 0x15c8 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x10) returned 0x22e6438 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e6450 [0121.260] lstrlenA (lpString="VB") returned 2 [0121.260] lstrlenA (lpString="PictureBox") returned 10 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xe) returned 0x22e6570 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x16c) returned 0x22e6588 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x68) returned 0x22e6700 [0121.260] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2c8) returned 0x22e6770 [0121.261] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e6a40 [0121.261] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e6a60 [0121.261] lstrlenA (lpString="VB") returned 2 [0121.261] lstrlenA (lpString="Frame") returned 5 [0121.261] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x9) returned 0x22e6b80 [0121.261] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x24) returned 0x22e04b0 [0121.264] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xb0) returned 0x22e04e0 [0121.264] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x34) returned 0x22e9ac8 [0121.264] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x184) returned 0x22e9b08 [0121.264] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e0598 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22e9c98 [0121.265] lstrlenA (lpString="VB") returned 2 [0121.265] lstrlenA (lpString="CommandButton") returned 13 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x11) returned 0x22ea060 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22ea5c0 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xd4) returned 0x22ea5f0 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x44) returned 0x22ea6d0 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1c8) returned 0x22ea720 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9f20 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ea8f0 [0121.265] lstrlenA (lpString="VB") returned 2 [0121.265] lstrlenA (lpString="CheckBox") returned 8 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xc) returned 0x22eaa10 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22eaa28 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xec) returned 0x22eaa58 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x48) returned 0x22eab50 [0121.265] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1f8) returned 0x22eaba0 [0121.265] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22e5b78, Size=0xa0) returned 0x22eada0 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9f80 [0121.266] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22e5bf8, Size=0xa0) returned 0x22eae48 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22eaef0 [0121.266] lstrlenA (lpString="VB") returned 2 [0121.266] lstrlenA (lpString="OptionButton") returned 12 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x10) returned 0x22eb1e8 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22e5b78 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xd4) returned 0x22eb218 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x4c) returned 0x22e5ba8 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1c8) returned 0x22eb2f8 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea140 [0121.266] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22eb868 [0121.266] lstrlenA (lpString="VB") returned 2 [0121.266] lstrlenA (lpString="ComboBox") returned 8 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xc) returned 0x22eb158 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x108) returned 0x22ec4d0 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x4c) returned 0x22ec710 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x230) returned 0x22ecde8 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9ee0 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22eb4f0 [0121.267] lstrlenA (lpString="VB") returned 2 [0121.267] lstrlenA (lpString="ListBox") returned 7 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xb) returned 0x22eb098 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x108) returned 0x22ed020 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x54) returned 0x22e5c00 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x230) returned 0x22ed130 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea160 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22eb740 [0121.267] lstrlenA (lpString="VB") returned 2 [0121.267] lstrlenA (lpString="HScrollBar") returned 10 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xe) returned 0x22eb050 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x24) returned 0x22ed368 [0121.267] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x90) returned 0x22ed398 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22ed430 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x144) returned 0x22ed460 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9e80 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ebbe0 [0121.268] lstrlenA (lpString="VB") returned 2 [0121.268] lstrlenA (lpString="VScrollBar") returned 10 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xe) returned 0x22eb068 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x24) returned 0x22ed5b0 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x90) returned 0x22ed5e0 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22ed678 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x144) returned 0x22ed6a8 [0121.268] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22eada0, Size=0xc8) returned 0x22ed7f8 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea100 [0121.268] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22eae48, Size=0xc8) returned 0x22ed8c8 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ebd08 [0121.268] lstrlenA (lpString="VB") returned 2 [0121.268] lstrlenA (lpString="DriveListBox") returned 12 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x10) returned 0x22eb0b0 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22eada0 [0121.268] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xc0) returned 0x22eadd0 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x40) returned 0x22eae98 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1a0) returned 0x22ed998 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea040 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ec080 [0121.269] lstrlenA (lpString="VB") returned 2 [0121.269] lstrlenA (lpString="DirListBox") returned 10 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xe) returned 0x22eb080 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22edb40 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xc8) returned 0x22edb70 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x50) returned 0x22eca28 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1b0) returned 0x22edc40 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea000 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ebe30 [0121.269] lstrlenA (lpString="VB") returned 2 [0121.269] lstrlenA (lpString="FileListBox") returned 11 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xf) returned 0x22eb128 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x28) returned 0x22eddf8 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xec) returned 0x22ede28 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x58) returned 0x22edf20 [0121.269] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1f8) returned 0x22edf80 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9e20 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ebf58 [0121.270] lstrlenA (lpString="VB") returned 2 [0121.270] lstrlenA (lpString="Menu") returned 4 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x8) returned 0x22eaee0 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x38) returned 0x22ee180 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x4) returned 0x22e5c60 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xb8) returned 0x22ee1c0 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9f60 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ec1a8 [0121.270] lstrlenA (lpString="VB") returned 2 [0121.270] lstrlenA (lpString="Shape") returned 5 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x9) returned 0x22eb0c8 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x1c) returned 0x22ee280 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x68) returned 0x22ee2a8 [0121.270] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xfc) returned 0x22ee318 [0121.270] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22ed7f8, Size=0xf0) returned 0x22ee420 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9e60 [0121.271] RtlReAllocateHeap (Heap=0x22e0000, Flags=0x0, Ptr=0x22ed8c8, Size=0xf0) returned 0x22ee518 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22eb618 [0121.271] lstrlenA (lpString="VB") returned 2 [0121.271] lstrlenA (lpString="Line") returned 4 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x8) returned 0x22ed7f8 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x18) returned 0x22ea120 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x50) returned 0x22ec768 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xd0) returned 0x22ed808 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea180 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22eb990 [0121.271] lstrlenA (lpString="VB") returned 2 [0121.271] lstrlenA (lpString="Image") returned 5 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x9) returned 0x22eb170 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x24) returned 0x22ed8e0 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x98) returned 0x22ee610 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x34) returned 0x22ed910 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x154) returned 0x22ee6b0 [0121.271] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9f40 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ebab8 [0121.272] lstrlenA (lpString="VB") returned 2 [0121.272] lstrlenA (lpString="Data") returned 4 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x8) returned 0x22ed950 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xd8) returned 0x22ee810 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x3c) returned 0x22ee8f0 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1d8) returned 0x22ee938 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea0c0 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x114) returned 0x22ec2d0 [0121.272] lstrlenA (lpString="VB") returned 2 [0121.272] lstrlenA (lpString="OLE") returned 3 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x7) returned 0x22ed960 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x17c) returned 0x22eeb18 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x40) returned 0x22eeca0 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2f0) returned 0x22eece8 [0121.272] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9e00 [0121.273] IMalloc:Alloc (This=0x7627fec4, cb=0x64) returned 0x670830 [0121.273] IMalloc:Alloc (This=0x7627fec4, cb=0xc) returned 0x684dc0 [0121.273] IMalloc:Alloc (This=0x7627fec4, cb=0x2c) returned 0x679110 [0121.273] IMalloc:GetSize (This=0x7627fec4, pv=0x679110) returned 0x2c [0121.273] IMalloc:Alloc (This=0x7627fec4, cb=0x20) returned 0x679f08 [0121.273] GetCurrentThreadId () returned 0x15c8 [0121.273] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x54) returned 0x2a60048 [0121.274] GetCurrentThreadId () returned 0x15c8 [0121.274] IMalloc:Alloc (This=0x7627fec4, cb=0x1c) returned 0x679ff8 [0121.274] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x104) returned 0x2a600a8 [0121.274] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x6f8) returned 0x2a601b8 [0121.274] VirtualProtect (in: lpAddress=0x590000, dwSize=0x6000, flNewProtect=0x4, lpflOldProtect=0x19fde0 | out: lpflOldProtect=0x19fde0*=0x20) returned 1 [0121.275] GetCurrentProcess () returned 0xffffffff [0121.275] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x590000, dwSize=0x6000) returned 1 [0121.275] VirtualAlloc (lpAddress=0x590000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0121.275] VirtualAlloc (lpAddress=0x590000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0121.276] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xd4) returned 0x2a608b8 [0121.276] VirtualAlloc (lpAddress=0x590000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0121.276] VirtualAlloc (lpAddress=0x590000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x590000 [0121.276] VirtualProtect (in: lpAddress=0x590000, dwSize=0xa000, flNewProtect=0x20, lpflOldProtect=0x19fde0 | out: lpflOldProtect=0x19fde0*=0x4) returned 1 [0121.473] GetCurrentProcess () returned 0xffffffff [0121.473] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x590000, dwSize=0xa000) returned 1 [0121.473] GetCurrentThreadId () returned 0x15c8 [0121.473] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x23ec) returned 0x2a60998 [0121.487] GetCurrentThreadId () returned 0x15c8 [0121.488] SetWindowTextA (hWnd=0x20344, lpString="Kawaii-Unicorn") returned 1 [0121.488] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0xc, wParam=0x0, lParam=0x19fd54) returned 0x1 [0121.488] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x19fd3c | out: phkResult=0x19fd3c*=0x0) returned 0x2 [0121.489] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0121.489] VirtualQuery (in: lpAddress=0x19f768, lpBuffer=0x19f74c, dwLength=0x1c | out: lpBuffer=0x19f74c*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0121.489] IMalloc:Alloc (This=0x7627fec4, cb=0x50) returned 0x670d20 [0121.489] IMalloc:GetSize (This=0x7627fec4, pv=0x670d20) returned 0x50 [0121.489] GetCurrentThreadId () returned 0x15c8 [0121.489] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x104) returned 0x2a62d90 [0121.489] GetCurrentThreadId () returned 0x15c8 [0121.490] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xc4) returned 0x2a62ea0 [0121.490] GetCurrentThreadId () returned 0x15c8 [0121.490] GetCurrentThreadId () returned 0x15c8 [0121.490] GetCurrentThreadId () returned 0x15c8 [0121.490] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x140) returned 0x2a62f70 [0121.490] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x10) returned 0x22eb140 [0121.490] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x434) returned 0x2a630b8 [0121.490] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1ac [0121.491] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x198) returned 0x2a634f8 [0121.491] GetVersionExA (in: lpVersionInformation=0x19fa64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x19fabc, dwMinorVersion=0x2a62eb0, dwBuildNumber=0x22e0000, dwPlatformId=0x3e6, szCSDVersion="^\x03") | out: lpVersionInformation=0x19fa64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0121.491] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0121.491] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9ea0 [0121.491] lstrlenA (lpString="vb6chs.dll") returned 10 [0121.491] lstrlenA (lpString="C:\\Windows\\SYSTEM32\\") returned 20 [0121.491] lstrcpyA (in: lpString1=0x19f9c8, lpString2="C:\\Windows\\SYSTEM32\\" | out: lpString1="C:\\Windows\\SYSTEM32\\") returned="C:\\Windows\\SYSTEM32\\" [0121.491] lstrcatA (in: lpString1="C:\\Windows\\SYSTEM32\\", lpString2="vb6chs.dll" | out: lpString1="C:\\Windows\\SYSTEM32\\vb6chs.dll") returned="C:\\Windows\\SYSTEM32\\vb6chs.dll" [0121.491] LoadLibraryA (lpLibFileName="C:\\Windows\\SYSTEM32\\vb6chs.dll") returned 0x0 [0121.492] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x14) returned 0x22ea080 [0121.492] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x80) returned 0x2a63698 [0121.492] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63698 | out: hHeap=0x22e0000) returned 1 [0121.492] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="MS Sans Serif", cbMultiByte=-1, lpWideCharStr=0x19fa8c, cchWideChar=14 | out: lpWideCharStr="MS Sans Serif") returned 14 [0121.492] OleCreateFontIndirect () returned 0x0 [0121.493] CFont::SetRatio () returned 0x0 [0121.493] CFont::get_hFont () returned 0x0 [0121.495] CFont::Clone () returned 0x0 [0121.495] CFont::SetRatio () returned 0x0 [0121.496] lstrlenA (lpString="I'm Unicorn") returned 11 [0121.496] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xc) returned 0x22eb200 [0121.496] OleTranslateColor () returned 0x0 [0121.496] OleLoadPictureEx () returned 0x0 [0122.747] CPicture::get_Type () returned 0x0 [0122.748] CPicture::QueryInterface () returned 0x0 [0122.748] CPicture::AddRef () returned 0x3 [0122.748] CPicture::Release () returned 0x2 [0122.748] CPicture::Release () returned 0x1 [0122.748] lstrlenA (lpString="Form1") returned 5 [0122.748] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x6) returned 0x22ed970 [0122.748] lstrlenA (lpString="ThunderRT6") returned 10 [0122.748] lstrcpyA (in: lpString1=0x19faa0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.748] lstrlenA (lpString="ThunderRT6Form") returned 14 [0122.748] lstrcpynA (in: lpString1=0x19faae, lpString2="DC", iMaxLength=116 | out: lpString1="DC") returned="DC" [0122.748] lstrlenA (lpString="ThunderRT6") returned 10 [0122.748] lstrcpyA (in: lpString1=0x19fa34, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.748] GetClassInfoA (in: hInstance=0x860000, lpClassName="ThunderRT6Form", lpWndClass=0x19fa60 | out: lpWndClass=0x19fa60) returned 0 [0122.749] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0122.749] RegisterClassA (lpWndClass=0x19fa60) returned 0xc1cf [0122.749] lstrlenA (lpString="ThunderRT6") returned 10 [0122.749] lstrcpyA (in: lpString1=0x19fa34, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.749] lstrlenA (lpString="ThunderRT6Form") returned 14 [0122.749] lstrcpynA (in: lpString1=0x19fa42, lpString2="DC", iMaxLength=29 | out: lpString1="DC") returned="DC" [0122.749] RegisterClassA (lpWndClass=0x19fa60) returned 0xc1ec [0122.749] AdjustWindowRectEx (in: lpRect=0x19fb60, dwStyle=0x2000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19fb60) returned 1 [0122.750] CreateWindowExA (dwExStyle=0x0, lpClassName=0xc1ec, lpWindowName="I'm Unicorn", dwStyle=0x2000000, X=0, Y=0, nWidth=748, nHeight=681, hWndParent=0x20344, hMenu=0x0, hInstance=0x860000, lpParam=0x0) returned 0x2035a [0122.830] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x81, wParam=0x0, lParam=0x19f618) returned 0x1 [0122.831] SetWindowLongA (hWnd=0x2035a, nIndex=-16, dwNewLong=33554432) returned 113246208 [0122.839] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x7c, wParam=0xfffffff0, lParam=0x19f1ec) returned 0x0 [0122.879] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x7d, wParam=0xfffffff0, lParam=0x19f1ec) returned 0x0 [0122.884] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x83, wParam=0x0, lParam=0x19f604) returned 0x0 [0122.885] GetSystemMenu (hWnd=0x2035a, bRevert=0) returned 0x0 [0122.885] SetWindowContextHelpId (param_1=0x2035a, param_2=0xffffffff) returned 1 [0122.885] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x1, wParam=0x0, lParam=0x19f618) returned 0x0 [0122.889] GetDC (hWnd=0x2035a) returned 0x72010942 [0122.891] GetTextMetricsA (in: hdc=0x72010942, lptm=0x19fa4c | out: lptm=0x19fa4c) returned 1 [0122.891] SetBkMode (hdc=0x72010942, mode=1) returned 2 [0122.891] OleTranslateColor () returned 0x0 [0122.892] SetBkColor (hdc=0x72010942, color=0x0) returned 0xffffff [0122.892] OleTranslateColor () returned 0x0 [0122.892] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0122.892] OleTranslateColor () returned 0x0 [0122.892] CreatePen (iStyle=0, cWidth=1, color=0x0) returned 0x42300941 [0122.892] SelectObject (hdc=0x72010942, h=0x42300941) returned 0xb00017 [0122.892] SelectObject (hdc=0x72010942, h=0x900011) returned 0x900010 [0122.892] ClientToScreen (in: hWnd=0x2035a, lpPoint=0x19fa2c | out: lpPoint=0x19fa2c) returned 1 [0122.892] SetBrushOrgEx (in: hdc=0x72010942, x=0, y=0, lppt=0x0 | out: lppt=0x0) returned 1 [0122.892] UnrealizeObject (h=0x900015) returned 1 [0122.892] SelectObject (hdc=0x72010942, h=0x900015) returned 0x900011 [0122.892] CFont::QueryInterface () returned 0x0 [0122.892] CFont::FindConnectionPoint () returned 0x0 [0122.892] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x14) returned 0x22e9ec0 [0122.892] CNotifyCP::Advise () returned 0x0 [0122.892] CFont::get_hFont () returned 0x0 [0122.892] CFont::AddRefHfont () returned 0x0 [0122.892] SelectObject (hdc=0x72010942, h=0x40a0934) returned 0x58a00b4 [0122.892] GetTextMetricsA (in: hdc=0x72010942, lptm=0x19f840 | out: lptm=0x19f840) returned 1 [0122.892] CFontEventsCP::Release () returned 0x0 [0122.892] Release () returned 0x1 [0122.893] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xdc) returned 0x2a63698 [0122.893] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9de0 [0122.893] lstrlenA (lpString="ThunderRT6") returned 10 [0122.893] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.893] lstrlenA (lpString="ThunderRT6") returned 10 [0122.893] lstrcpyA (in: lpString1=0x19fa04, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.893] GetClassInfoA (in: hInstance=0x860000, lpClassName="ThunderRT6Timer", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 0 [0122.893] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0122.894] RegisterClassA (lpWndClass=0x19fa30) returned 0xc1ed [0122.894] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ed, lpWindowName=0x0, dwStyle=0x44010000, X=656, Y=368, nWidth=0, nHeight=0, hWndParent=0x2035a, hMenu=0x1, hInstance=0x860000, lpParam=0x0) returned 0x50370 [0122.894] SetTimer (hWnd=0x50370, nIDEvent=0x50370, uElapse=0x2328, lpTimerFunc=0x0) returned 0x50370 [0122.895] NtdllDefWindowProc_A (hWnd=0x50370, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0122.895] NtdllDefWindowProc_A (hWnd=0x50370, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0122.896] NtdllDefWindowProc_A (hWnd=0x50370, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x0 [0122.896] NtdllDefWindowProc_A (hWnd=0x50370, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0122.896] NtdllDefWindowProc_A (hWnd=0x50370, Msg=0x3, wParam=0x0, lParam=0x1700290) returned 0x0 [0122.897] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xf4) returned 0x2a63780 [0122.897] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea1a0 [0122.897] CFont::Clone () returned 0x0 [0122.897] CFont::SetRatio () returned 0x0 [0122.897] lstrlenA (lpString="0") returned 1 [0122.897] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2) returned 0x22ed980 [0122.897] lstrlenA (lpString="ThunderRT6") returned 10 [0122.897] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.897] lstrlenA (lpString="ThunderRT6") returned 10 [0122.897] lstrcpyA (in: lpString1=0x19fa04, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0122.897] GetClassInfoA (in: hInstance=0x0, lpClassName="Edit", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 1 [0122.898] GetClassInfoA (in: hInstance=0x860000, lpClassName="ThunderRT6TextBox", lpWndClass=0x19fa30 | out: lpWndClass=0x19fa30) returned 0 [0122.898] RegisterClassA (lpWndClass=0x19fa30) returned 0xc1ee [0122.898] CreateWindowExA (dwExStyle=0x204, lpClassName=0xc1ee, lpWindowName="0", dwStyle=0x440100e0, X=64, Y=48, nWidth=41, nHeight=19, hWndParent=0x2035a, hMenu=0x2, hInstance=0x860000, lpParam=0x0) returned 0x70368 [0122.899] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0122.901] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0122.901] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0122.921] IsWindow (hWnd=0x70368) returned 1 [0122.921] IsWindow (hWnd=0x70368) returned 1 [0122.924] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xcc, wParam=0x0, lParam=0x0) returned 0x1 [0123.297] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x5, wParam=0x0, lParam=0xf0025) returned 0x0 [0123.298] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x3, wParam=0x0, lParam=0x320042) returned 0x0 [0123.298] CFont::QueryInterface () returned 0x0 [0123.298] CFont::FindConnectionPoint () returned 0x0 [0123.298] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x14) returned 0x22e9fa0 [0123.298] CNotifyCP::Advise () returned 0x0 [0123.298] CFont::get_hFont () returned 0x0 [0123.298] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x30, wParam=0x40a0934, lParam=0x0) returned 0x1 [0123.300] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xd3, wParam=0xffff, lParam=0x0) returned 0x0 [0123.300] CFontEventsCP::Release () returned 0x0 [0123.300] Release () returned 0x1 [0123.300] ShowWindow (hWnd=0x70368, nCmdShow=5) returned 0 [0123.300] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0123.301] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xdc) returned 0x2a63880 [0123.301] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9e40 [0123.301] lstrlenA (lpString="ThunderRT6") returned 10 [0123.301] lstrcpyA (in: lpString1=0x19fa70, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0123.301] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ed, lpWindowName=0x0, dwStyle=0x44010000, X=576, Y=136, nWidth=0, nHeight=0, hWndParent=0x2035a, hMenu=0x3, hInstance=0x860000, lpParam=0x0) returned 0x10382 [0123.302] SetTimer (hWnd=0x10382, nIDEvent=0x10382, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x10382 [0123.302] NtdllDefWindowProc_A (hWnd=0x10382, Msg=0x81, wParam=0x0, lParam=0x19f5e8) returned 0x1 [0123.303] NtdllDefWindowProc_A (hWnd=0x10382, Msg=0x83, wParam=0x0, lParam=0x19f5d4) returned 0x0 [0123.303] NtdllDefWindowProc_A (hWnd=0x10382, Msg=0x1, wParam=0x0, lParam=0x19f5e8) returned 0x0 [0123.304] NtdllDefWindowProc_A (hWnd=0x10382, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0123.304] NtdllDefWindowProc_A (hWnd=0x10382, Msg=0x3, wParam=0x0, lParam=0x880240) returned 0x0 [0123.304] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xdc) returned 0x2a63968 [0123.304] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22e9f00 [0123.304] CFont::Clone () returned 0x0 [0123.304] CFont::SetRatio () returned 0x0 [0123.304] lstrlenA (lpString="Unicorn") returned 7 [0123.305] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x8) returned 0x2a63a50 [0123.305] CFont::QueryInterface () returned 0x0 [0123.305] CFont::Load () returned 0x0 [0123.305] Release () returned 0x1 [0123.305] CFont::QueryInterface () returned 0x0 [0123.305] CFont::FindConnectionPoint () returned 0x0 [0123.305] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x14) returned 0x22e9fc0 [0123.305] CNotifyCP::Advise () returned 0x0 [0123.305] CFont::get_hFont () returned 0x0 [0123.305] CFontEventsCP::Release () returned 0x0 [0123.305] Release () returned 0x1 [0123.305] GetClientRect (in: hWnd=0x2035a, lpRect=0x19fbe0 | out: lpRect=0x19fbe0) returned 1 [0123.305] MapWindowPoints (in: hWndFrom=0x2035a, hWndTo=0x0, lpPoints=0x19fbe0, cPoints=0x2 | out: lpPoints=0x19fbe0) returned 0 [0123.305] EqualRect (lprc1=0x19fbe0, lprc2=0x19fbc0) returned 1 [0123.305] SetEvent (hEvent=0x1ac) returned 1 [0123.305] CPicture::get_hPal () returned 0x0 [0123.305] CPicture::AddRef () returned 0x2 [0123.305] CPicture::get_Type () returned 0x0 [0123.306] CPicture::get_CurDC () returned 0x0 [0123.306] CPicture::AddRef () returned 0x3 [0123.306] CPicture::Release () returned 0x2 [0123.306] CPicture::get_Type () returned 0x0 [0123.306] CPicture::QueryInterface () returned 0x0 [0123.306] CPicture::FindConnectionPoint () returned 0x0 [0123.306] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x10) returned 0x22eb188 [0123.306] CNotifyCP::Advise () returned 0x0 [0123.306] Release () returned 0x2 [0123.306] InvalidateRect (hWnd=0x2035a, lpRect=0x0, bErase=1) returned 1 [0123.306] UpdateWindow (hWnd=0x2035a) returned 1 [0123.306] CPicture::Release () returned 0x1 [0123.306] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xc5, wParam=0x0, lParam=0x0) returned 0x1 [0123.306] GetFocus () returned 0x0 [0123.306] IsIconic (hWnd=0x2035a) returned 0 [0123.306] IsZoomed (hWnd=0x2035a) returned 0 [0123.306] GetClientRect (in: hWnd=0x2035a, lpRect=0x19fbd4 | out: lpRect=0x19fbd4) returned 1 [0123.306] GetWindow (hWnd=0x2035a, uCmd=0x5) returned 0x50370 [0123.306] GetWindow (hWnd=0x50370, uCmd=0x2) returned 0x70368 [0123.306] GetParent (hWnd=0x50370) returned 0x2035a [0123.306] GetWindow (hWnd=0x70368, uCmd=0x2) returned 0x10382 [0123.306] GetParent (hWnd=0x70368) returned 0x2035a [0123.306] GetWindow (hWnd=0x10382, uCmd=0x2) returned 0x0 [0123.307] GetParent (hWnd=0x10382) returned 0x2035a [0123.307] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f930 | out: lpRect=0x19f930) returned 1 [0123.307] OleTranslateColor () returned 0x0 [0123.307] OleTranslateColor () returned 0x0 [0123.307] OleTranslateColor () returned 0x0 [0123.307] OleTranslateColor () returned 0x0 [0123.307] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.307] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.308] CPicture::get_Type () returned 0x0 [0123.308] CPicture::get_Type () returned 0x0 [0123.308] CPicture::get_Width () returned 0x0 [0123.308] CPicture::get_Height () returned 0x0 [0123.308] CPicture::get_Attributes () returned 0x0 [0123.308] CPicture::Render () returned 0x0 [0123.310] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.310] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.310] GetClipBox (in: hdc=0x72010942, lprect=0x19f950 | out: lprect=0x19f950) returned 1 [0123.310] OleTranslateColor () returned 0x0 [0123.310] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.311] SetErrorMode (uMode=0x8001) returned 0x8001 [0123.311] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0123.311] SetErrorMode (uMode=0x8001) returned 0x8001 [0123.311] GetProcAddress (hModule=0x77be0000, lpProcName="GetWindowLongA") returned 0x77c11db0 [0123.311] GetWindowLongA (hWnd=0x2035a, nIndex=-20) returned 0 [0123.311] GetLastError () returned 0x0 [0123.311] SetErrorMode (uMode=0x8001) returned 0x8001 [0123.311] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0123.312] SetErrorMode (uMode=0x8001) returned 0x8001 [0123.312] GetProcAddress (hModule=0x77be0000, lpProcName="SetWindowLongA") returned 0x77c051b0 [0123.312] SetWindowLongA (hWnd=0x2035a, nIndex=-20, dwNewLong=524288) returned 0 [0123.312] GetCapture () returned 0x0 [0123.312] GetCapture () returned 0x0 [0123.312] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x7c, wParam=0xffffffec, lParam=0x19f9fc) returned 0x0 [0123.314] GetCapture () returned 0x0 [0123.314] GetCapture () returned 0x0 [0123.314] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x7d, wParam=0xffffffec, lParam=0x19f9fc) returned 0x0 [0123.314] GetLastError () returned 0x0 [0123.314] SetErrorMode (uMode=0x8001) returned 0x8001 [0123.314] LoadLibraryA (lpLibFileName="user32") returned 0x77be0000 [0123.314] SetErrorMode (uMode=0x8001) returned 0x8001 [0123.315] GetProcAddress (hModule=0x77be0000, lpProcName="SetLayeredWindowAttributes") returned 0x77c1f010 [0123.315] SetLayeredWindowAttributes (hwnd=0x2035a, crKey=0xff78ff, bAlpha=0x32, dwFlags=0x2) returned 1 [0123.317] GetLastError () returned 0x0 [0123.317] GetCurrentThreadId () returned 0x15c8 [0123.317] GetWindow (hWnd=0x2035a, uCmd=0x4) returned 0x20344 [0123.317] IsIconic (hWnd=0x20344) returned 0 [0123.317] MonitorFromWindow (hwnd=0x2035a, dwFlags=0x2) returned 0x10001 [0123.317] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x19fb28 | out: lpmi=0x19fb28) returned 1 [0123.317] GetWindowRect (in: hWnd=0x20344, lpRect=0x19fb50 | out: lpRect=0x19fb50) returned 1 [0123.317] SetWindowPos (hWnd=0x2035a, hWndInsertAfter=0x0, X=346, Y=110, cx=0, cy=0, uFlags=0x15) returned 1 [0123.317] GetCapture () returned 0x0 [0123.317] GetCapture () returned 0x0 [0123.317] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x46, wParam=0x0, lParam=0x19fad4) returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.319] GetParent (hWnd=0x2035a) returned 0x0 [0123.319] GetWindowRect (in: hWnd=0x2035a, lpRect=0x19f680 | out: lpRect=0x19f680) returned 1 [0123.319] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x47, wParam=0x0, lParam=0x19fad4) returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.319] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x3, wParam=0x0, lParam=0x6e015a) returned 0x0 [0123.319] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 100663296 [0123.319] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f6f0 | out: lpRect=0x19f6f0) returned 1 [0123.319] MapWindowPoints (in: hWndFrom=0x2035a, hWndTo=0x0, lpPoints=0x19f6f0, cPoints=0x2 | out: lpPoints=0x19f6f0) returned 7209306 [0123.319] ShowWindow (hWnd=0x2035a, nCmdShow=1) returned 0 [0123.319] GetCapture () returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.319] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.319] GetCapture () returned 0x0 [0123.320] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0123.320] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0123.324] GetCapture () returned 0x0 [0123.324] GetCapture () returned 0x0 [0123.324] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0123.325] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x46, wParam=0x0, lParam=0x19fb24) returned 0x0 [0123.325] GetWindowLongA (hWnd=0x20366, nIndex=0) returned 36576900 [0123.325] GetCapture () returned 0x0 [0123.325] GetCapture () returned 0x0 [0123.325] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0123.325] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0123.325] GetCapture () returned 0x0 [0123.325] GetCapture () returned 0x0 [0123.326] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0123.329] GetCapture () returned 0x0 [0123.329] GetCapture () returned 0x0 [0123.329] IsIconic (hWnd=0x2035a) returned 0 [0123.329] GetFocus () returned 0x0 [0123.330] GetWindowLongA (hWnd=0x50370, nIndex=-16) returned 1140916224 [0123.330] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0123.330] IsWindowVisible (hWnd=0x70368) returned 1 [0123.330] IsWindowEnabled (hWnd=0x70368) returned 1 [0123.330] GetParent (hWnd=0x70368) returned 0x2035a [0123.330] IsWindowEnabled (hWnd=0x2035a) returned 1 [0123.330] GetParent (hWnd=0x2035a) returned 0x0 [0123.330] GetWindowLongA (hWnd=0x10382, nIndex=-16) returned 1140916224 [0123.330] GetFocus () returned 0x0 [0123.330] IsWindowEnabled (hWnd=0x70368) returned 1 [0123.330] GetWindowThreadProcessId (in: hWnd=0x70368, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x15c8 [0123.330] GetCurrentThreadId () returned 0x15c8 [0123.330] SetFocus (hWnd=0x70368) returned 0x0 [0123.748] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0123.755] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0123.755] GetFocus () returned 0x70368 [0123.755] GetCaretPos (in: lpPoint=0x19e7d8 | out: lpPoint=0x19e7d8) returned 1 [0123.756] GetFocus () returned 0x70368 [0123.756] GetCaretPos (in: lpPoint=0x19f018 | out: lpPoint=0x19f018) returned 1 [0123.756] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x1 [0123.756] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x282, wParam=0xa, lParam=0x0) returned 0x0 [0123.757] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x282, wParam=0xf, lParam=0x60375) returned 0x0 [0123.757] GetFocus () returned 0x70368 [0123.757] GetCaretPos (in: lpPoint=0x19e318 | out: lpPoint=0x19e318) returned 1 [0123.757] GetFocus () returned 0x70368 [0123.757] GetCaretPos (in: lpPoint=0x19eeb8 | out: lpPoint=0x19eeb8) returned 1 [0123.757] GetCapture () returned 0x0 [0123.757] GetCapture () returned 0x0 [0123.758] IsWindow (hWnd=0x70368) returned 1 [0123.758] OleTranslateColor () returned 0x0 [0123.758] OleTranslateColor () returned 0x0 [0123.758] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0123.758] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0123.758] OleTranslateColor () returned 0x0 [0123.776] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x282, wParam=0xb, lParam=0x0) returned 0x0 [0123.776] GetFocus () returned 0x70368 [0123.776] GetCaretPos (in: lpPoint=0x19ee00 | out: lpPoint=0x19ee00) returned 1 [0123.780] GetCapture () returned 0x0 [0123.780] GetCapture () returned 0x0 [0123.780] IsWindow (hWnd=0x70368) returned 1 [0123.780] IsWindow (hWnd=0x70368) returned 1 [0123.781] IsWindowEnabled (hWnd=0x2035a) returned 1 [0123.781] PostMessageA (hWnd=0x2035a, Msg=0x100e, wParam=0xa, lParam=0x0) returned 1 [0123.781] IsIconic (hWnd=0x2035a) returned 0 [0123.781] PostMessageA (hWnd=0x70368, Msg=0x100e, wParam=0x3, lParam=0x0) returned 1 [0123.781] GetFocus () returned 0x70368 [0123.781] GetCaretPos (in: lpPoint=0x19f4ac | out: lpPoint=0x19f4ac) returned 1 [0123.781] PostMessageA (hWnd=0x2035a, Msg=0x105a, wParam=0x0, lParam=0x0) returned 1 [0123.781] GetCapture () returned 0x0 [0123.781] GetCapture () returned 0x0 [0123.782] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0123.782] GetCapture () returned 0x0 [0123.782] GetCapture () returned 0x0 [0123.782] IsIconic (hWnd=0x2035a) returned 0 [0123.782] IsIconic (hWnd=0x2035a) returned 0 [0123.782] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0123.783] GetFocus () returned 0x70368 [0123.783] GetCaretPos (in: lpPoint=0x19f8d4 | out: lpPoint=0x19f8d4) returned 1 [0123.783] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x14, wParam=0x400108d1, lParam=0x0) returned 0x1 [0123.783] GetFocus () returned 0x70368 [0123.783] GetCaretPos (in: lpPoint=0x19f8d4 | out: lpPoint=0x19f8d4) returned 1 [0123.783] GetCapture () returned 0x0 [0123.783] GetCapture () returned 0x0 [0123.784] GetParent (hWnd=0x2035a) returned 0x0 [0123.784] GetWindowRect (in: hWnd=0x2035a, lpRect=0x19f6d0 | out: lpRect=0x19f6d0) returned 1 [0123.784] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x47, wParam=0x0, lParam=0x19fb24) returned 0x0 [0123.784] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0123.784] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f740 | out: lpRect=0x19f740) returned 1 [0123.784] MapWindowPoints (in: hWndFrom=0x2035a, hWndTo=0x0, lpPoints=0x19f740, cPoints=0x2 | out: lpPoints=0x19f740) returned 7209306 [0123.784] GetCapture () returned 0x0 [0123.784] GetCapture () returned 0x0 [0123.784] CPicture::get_Attributes () returned 0x0 [0123.784] IsWindowVisible (hWnd=0x2035a) returned 1 [0123.784] IsIconic (hWnd=0x2035a) returned 0 [0123.784] IsZoomed (hWnd=0x2035a) returned 0 [0123.784] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0123.784] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f71c | out: lpRect=0x19f71c) returned 1 [0123.784] GetWindow (hWnd=0x2035a, uCmd=0x5) returned 0x50370 [0123.784] GetWindow (hWnd=0x50370, uCmd=0x2) returned 0x70368 [0123.784] GetParent (hWnd=0x50370) returned 0x2035a [0123.784] GetWindow (hWnd=0x70368, uCmd=0x2) returned 0x10382 [0123.784] GetParent (hWnd=0x70368) returned 0x2035a [0123.784] GetWindow (hWnd=0x10382, uCmd=0x2) returned 0x0 [0123.785] GetParent (hWnd=0x10382) returned 0x2035a [0123.785] GetCapture () returned 0x0 [0123.785] GetCapture () returned 0x0 [0123.785] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x3, wParam=0x0, lParam=0x6e015a) returned 0x0 [0123.785] GetCurrentThreadId () returned 0x15c8 [0123.785] PostThreadMessageA (idThread=0x15c8, Msg=0x1069, wParam=0x0, lParam=0x0) returned 1 [0123.785] GetCurrentProcessId () returned 0x1524 [0123.785] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x18) returned 0x22e9fe0 [0123.785] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xc) returned 0x22eb1b8 [0123.785] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0123.786] GetCapture () returned 0x0 [0123.786] GetCapture () returned 0x0 [0123.786] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x88, wParam=0x4, lParam=0x0) returned 0x0 [0123.786] IsWindow (hWnd=0x2035a) returned 1 [0123.786] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0123.786] IsIconic (hWnd=0x2035a) returned 0 [0123.786] GetParent (hWnd=0x2035a) returned 0x0 [0123.786] TranslateMessage (lpMsg=0x19fe40) returned 0 [0123.786] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0123.786] GetCapture () returned 0x0 [0123.786] GetCapture () returned 0x0 [0123.786] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0123.790] IsWindow (hWnd=0x70368) returned 1 [0123.790] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0123.790] IsIconic (hWnd=0x2035a) returned 0 [0123.790] GetParent (hWnd=0x70368) returned 0x2035a [0123.790] TranslateMessage (lpMsg=0x19fe40) returned 0 [0123.790] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0123.790] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0123.790] IsWindow (hWnd=0x2035a) returned 1 [0123.790] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0123.790] IsIconic (hWnd=0x2035a) returned 0 [0123.790] GetParent (hWnd=0x2035a) returned 0x0 [0123.790] TranslateMessage (lpMsg=0x19fe40) returned 0 [0123.790] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0123.790] GetCapture () returned 0x0 [0123.790] GetCapture () returned 0x0 [0123.790] GetActiveWindow () returned 0x2035a [0123.791] GetWindowThreadProcessId (in: hWnd=0x2035a, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x15c8 [0123.791] GetFocus () returned 0x70368 [0123.791] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0123.791] TranslateMessage (lpMsg=0x19fe40) returned 0 [0123.791] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0123.791] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0123.791] IsWindow (hWnd=0x2035a) returned 1 [0123.791] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0123.791] IsIconic (hWnd=0x2035a) returned 0 [0123.791] GetParent (hWnd=0x2035a) returned 0x0 [0123.791] TranslateMessage (lpMsg=0x19fe40) returned 0 [0123.791] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0123.792] GetCapture () returned 0x0 [0123.792] GetCapture () returned 0x0 [0123.792] IsIconic (hWnd=0x2035a) returned 0 [0123.792] GetUpdateRect (in: hWnd=0x2035a, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0123.792] BeginPaint (in: hWnd=0x2035a, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x72010942 [0123.792] IsIconic (hWnd=0x2035a) returned 0 [0123.792] IsIconic (hWnd=0x2035a) returned 0 [0123.792] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0123.792] OleTranslateColor () returned 0x0 [0123.792] OleTranslateColor () returned 0x0 [0123.792] OleTranslateColor () returned 0x0 [0123.792] OleTranslateColor () returned 0x0 [0123.792] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.792] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0123.792] CPicture::get_Type () returned 0x0 [0123.792] CPicture::get_Type () returned 0x0 [0123.792] CPicture::get_Width () returned 0x0 [0123.792] CPicture::get_Height () returned 0x0 [0123.792] CPicture::get_Attributes () returned 0x0 [0123.792] CPicture::Render () returned 0x0 [0124.291] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0124.291] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0124.291] GetClipBox (in: hdc=0x72010942, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0124.291] SaveDC (hdc=0x72010942) returned 1 [0124.291] SelectObject (hdc=0x72010942, h=0x900015) returned 0x900015 [0124.291] SelectObject (hdc=0x72010942, h=0xb00016) returned 0x42300941 [0124.291] SetROP2 (hdc=0x72010942, rop2=13) returned 13 [0124.291] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0124.292] OleTranslateColor () returned 0x0 [0124.292] OleTranslateColor () returned 0x0 [0124.292] SetTextColor (hdc=0x72010942, color=0xff00ff) returned 0x0 [0124.292] SetBkColor (hdc=0x72010942, color=0xf0f0f0) returned 0x0 [0124.292] SetBkMode (hdc=0x72010942, mode=1) returned 1 [0124.292] SelectObject (hdc=0x72010942, h=0x330a094a) returned 0x40a0934 [0124.292] GetViewportExtEx (in: hdc=0x72010942, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0124.292] GetWindowExtEx (in: hdc=0x72010942, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0124.292] SaveDC (hdc=0x72010942) returned 2 [0124.292] IntersectClipRect (hdc=0x72010942, left=72, top=296, right=769, bottom=385) returned 3 [0124.292] lstrlenA (lpString="Unicorn") returned 7 [0124.292] GetTextMetricsA (in: hdc=0x72010942, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0124.293] GetTextExtentPointA (in: hdc=0x72010942, lpString="Unicorn", c=7, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0124.508] TextOutA (hdc=0x72010942, x=72, y=296, lpString="Unicorn", c=7) returned 1 [0124.509] GetTextExtentPointA (in: hdc=0x72010942, lpString="Unicorn", c=7, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0124.509] RestoreDC (hdc=0x72010942, nSavedDC=-1) returned 1 [0124.509] SetTextColor (hdc=0x72010942, color=0x0) returned 0xff00ff [0124.509] SetBkColor (hdc=0x72010942, color=0x0) returned 0xf0f0f0 [0124.509] SelectObject (hdc=0x72010942, h=0x40a0934) returned 0x330a094a [0124.509] RestoreDC (hdc=0x72010942, nSavedDC=1) returned 1 [0124.509] EndPaint (hWnd=0x2035a, lpPaint=0x19fab0) returned 1 [0124.510] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.510] IsWindow (hWnd=0x70368) returned 1 [0124.510] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0124.510] IsIconic (hWnd=0x2035a) returned 0 [0124.510] GetParent (hWnd=0x70368) returned 0x2035a [0124.510] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.510] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0124.510] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0124.511] GetCapture () returned 0x0 [0124.511] GetCapture () returned 0x0 [0124.511] IsWindow (hWnd=0x70368) returned 1 [0124.511] OleTranslateColor () returned 0x0 [0124.511] OleTranslateColor () returned 0x0 [0124.511] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0124.511] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0124.511] OleTranslateColor () returned 0x0 [0124.512] GetCapture () returned 0x0 [0124.512] GetCapture () returned 0x0 [0124.512] IsWindow (hWnd=0x70368) returned 1 [0124.512] OleTranslateColor () returned 0x0 [0124.512] OleTranslateColor () returned 0x0 [0124.512] SetTextColor (hdc=0x400108d1, color=0x0) returned 0x0 [0124.512] SetBkColor (hdc=0x400108d1, color=0xffffff) returned 0xffffff [0124.512] OleTranslateColor () returned 0x0 [0124.513] GetFocus () returned 0x70368 [0124.513] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0124.513] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0124.514] IsWindow (hWnd=0x10392) returned 1 [0124.514] GetWindowLongA (hWnd=0x10392, nIndex=-16) returned -1946157056 [0124.514] GetParent (hWnd=0x10392) returned 0x2033a [0124.514] TranslateMessage (lpMsg=0x19fe40) returned 0 [0124.514] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0124.514] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0124.514] GetTickCount () returned 0x1cc76d8 [0124.514] GetTickCount () returned 0x1cc76d8 [0124.514] GetTickCount () returned 0x1cc76d8 [0124.514] CoFreeUnusedLibraries () [0124.514] GetTickCount () returned 0x1cc76d8 [0124.514] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0124.514] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0124.515] WaitMessage () returned 1 [0125.043] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0125.043] IsWindow (hWnd=0x70368) returned 1 [0125.043] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0125.043] IsIconic (hWnd=0x2035a) returned 0 [0125.043] GetParent (hWnd=0x70368) returned 0x2035a [0125.043] TranslateMessage (lpMsg=0x19fe40) returned 0 [0125.043] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0125.044] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0125.044] GetTickCount () returned 0x1cc78eb [0125.044] GetTickCount () returned 0x1cc78eb [0125.044] GetTickCount () returned 0x1cc78eb [0125.044] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0125.044] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0125.044] WaitMessage () returned 1 [0125.574] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0125.575] IsWindow (hWnd=0x70368) returned 1 [0125.575] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0125.575] IsIconic (hWnd=0x2035a) returned 0 [0125.575] GetParent (hWnd=0x70368) returned 0x2035a [0125.575] TranslateMessage (lpMsg=0x19fe40) returned 0 [0125.575] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0125.576] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0125.576] GetTickCount () returned 0x1cc7afe [0125.576] GetTickCount () returned 0x1cc7afe [0125.576] GetTickCount () returned 0x1cc7afe [0125.576] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0125.576] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0125.576] WaitMessage () returned 1 [0126.094] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0126.094] IsWindow (hWnd=0x70368) returned 1 [0126.094] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0126.094] IsIconic (hWnd=0x2035a) returned 0 [0126.094] GetParent (hWnd=0x70368) returned 0x2035a [0126.094] TranslateMessage (lpMsg=0x19fe40) returned 0 [0126.094] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0126.096] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0126.096] GetTickCount () returned 0x1cc7d12 [0126.096] GetTickCount () returned 0x1cc7d12 [0126.096] GetTickCount () returned 0x1cc7d12 [0126.096] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0126.096] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0126.096] WaitMessage () returned 1 [0126.279] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0126.279] IsWindow (hWnd=0x10382) returned 1 [0126.279] GetWindowLongA (hWnd=0x10382, nIndex=-16) returned 1140916224 [0126.279] IsIconic (hWnd=0x2035a) returned 0 [0126.279] GetParent (hWnd=0x10382) returned 0x2035a [0126.279] TranslateMessage (lpMsg=0x19fe40) returned 0 [0126.279] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0126.279] KillTimer (hWnd=0x10382, uIDEvent=0x10382) returned 1 [0126.279] GetLocalTime (in: lpSystemTime=0x19f990 | out: lpSystemTime=0x19f990*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x13, wMilliseconds=0x383)) [0126.280] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0xfc) returned 0x2a63a60 [0126.280] GetCurrentThreadId () returned 0x15c8 [0126.280] GetCurrentThreadId () returned 0x15c8 [0126.280] GetCurrentThreadId () returned 0x15c8 [0126.280] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xf) returned 0x22eb1d0 [0126.280] SetWindowTextA (hWnd=0x20344, lpString="Kawaii-Unicorn") returned 1 [0126.280] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0xc, wParam=0x0, lParam=0x22eb1d0) returned 0x1 [0126.281] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1) returned 0x2a63b68 [0126.281] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xf) returned 0x22eb0e0 [0126.282] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xf) returned 0x22eb1a0 [0126.282] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x8, Size=0x15) returned 0x22ea020 [0126.282] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f81c, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0126.282] lstrcpynA (in: lpString1=0x19f708, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0126.282] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0126.282] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63b78 [0126.282] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0126.282] lstrcpyA (in: lpString1=0x2a63b78, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0126.283] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1b) returned 0x2a63be8 [0126.284] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0126.284] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63b78 | out: hHeap=0x22e0000) returned 1 [0126.284] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0126.284] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x695bbc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0126.284] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63be8 | out: hHeap=0x22e0000) returned 1 [0126.285] VarCat (in: pvarLeft=0x19fa50, pvarRight=0x19fa70, pvarResult=0x19fa40 | out: pvarResult=0x19fa40) returned 0x0 [0126.285] VarCat (in: pvarLeft=0x19fa40, pvarRight=0x19fa20, pvarResult=0x19fa30 | out: pvarResult=0x19fa30) returned 0x0 [0126.285] SysStringLen (param_1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 0x2c [0126.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", cchWideChar=45, lpMultiByteStr=0x69c964, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", lpUsedDefaultChar=0x0) returned 45 [0126.285] lstrcmpA (lpString1="Unicorn", lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 1 [0126.285] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 44 [0126.286] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63b78 [0126.286] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63a50 | out: hHeap=0x22e0000) returned 1 [0126.286] InflateRect (in: lprc=0x19f8e8, dx=0, dy=0 | out: lprc=0x19f8e8) returned 1 [0126.286] InvalidateRect (hWnd=0x2035a, lpRect=0x19f8e8, bErase=1) returned 1 [0126.286] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0126.286] GetFocus () returned 0x70368 [0126.286] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0126.286] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2) returned 0x2a63a50 [0126.286] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xd, wParam=0x2, lParam=0x2a63a50) returned 0x1 [0126.287] GetFocus () returned 0x70368 [0126.287] GetCaretPos (in: lpPoint=0x19f8d8 | out: lpPoint=0x19f8d8) returned 1 [0126.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0126.287] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="0", cbMultiByte=-1, lpWideCharStr=0x679bc4, cchWideChar=2 | out: lpWideCharStr="0") returned 2 [0126.287] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63a50 | out: hHeap=0x22e0000) returned 1 [0126.287] GetUserDefaultLCID () returned 0x409 [0126.287] VarR8FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, pdblOut=0x19f9ac | out: pdblOut=0x19f9ac) returned 0x0 [0126.287] GetUserDefaultLCID () returned 0x409 [0126.287] VarBstrFromR8 (in: dblIn=0x0, lcid=0x3ff00000, dwFlags=0x409, pbstrOut=0x0 | out: pbstrOut=0x0) returned 0x0 [0126.287] SysStringLen (param_1="1") returned 0x1 [0126.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1", cchWideChar=2, lpMultiByteStr=0x698744, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1", lpUsedDefaultChar=0x0) returned 2 [0126.287] SetWindowTextA (hWnd=0x70368, lpString="1") returned 1 [0126.287] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x1 [0126.287] GetFocus () returned 0x70368 [0126.288] GetCaretPos (in: lpPoint=0x19f678 | out: lpPoint=0x19f678) returned 1 [0126.288] lstrlenA (lpString="1") returned 1 [0126.288] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2) returned 0x2a63a50 [0126.288] GetWindowTextA (in: hWnd=0x70368, lpString=0x2a63a50, nMaxCount=2 | out: lpString="0") returned 1 [0126.288] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xd, wParam=0x2, lParam=0x2a63a50) returned 0x1 [0126.288] GetFocus () returned 0x70368 [0126.288] GetCaretPos (in: lpPoint=0x19f440 | out: lpPoint=0x19f440) returned 1 [0126.288] lstrcmpA (lpString1="0", lpString2="1") returned -1 [0126.288] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63a50 | out: hHeap=0x22e0000) returned 1 [0126.288] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xc, wParam=0x0, lParam=0x698744) returned 0x1 [0126.289] GetCapture () returned 0x0 [0126.289] GetCapture () returned 0x0 [0126.289] IsWindow (hWnd=0x70368) returned 1 [0126.289] IsWindow (hWnd=0x70368) returned 1 [0126.289] GetCapture () returned 0x0 [0126.289] GetCapture () returned 0x0 [0126.289] IsWindow (hWnd=0x70368) returned 1 [0126.289] IsWindow (hWnd=0x70368) returned 1 [0126.290] GetLocalTime (in: lpSystemTime=0x19ec34 | out: lpSystemTime=0x19ec34*(wYear=0x7e8, wMonth=0x8, wDayOfWeek=0x4, wDay=0x1, wHour=0x11, wMinute=0x20, wSecond=0x13, wMilliseconds=0x383)) [0126.290] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0126.290] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0126.290] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0126.290] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0126.290] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63be8 [0126.290] lstrcpyA (in: lpString1=0x2a63bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0126.292] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1b) returned 0x2a63c20 [0126.292] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63be8 | out: hHeap=0x22e0000) returned 1 [0126.293] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0126.293] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0126.293] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x695bbc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0126.293] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63c20 | out: hHeap=0x22e0000) returned 1 [0126.293] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19eac0, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0126.293] lstrcpynA (in: lpString1=0x19e9ac, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0126.293] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0126.293] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0126.293] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63be8 [0126.293] lstrcpyA (in: lpString1=0x2a63bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0126.295] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xe) returned 0x22eb0f8 [0126.296] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63be8 | out: hHeap=0x22e0000) returned 1 [0126.296] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0126.296] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-44780", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0126.296] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-44780", cbMultiByte=-1, lpWideCharStr=0x679dcc, cchWideChar=14 | out: lpWideCharStr="Unicorn-44780") returned 14 [0126.296] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x22eb0f8 | out: hHeap=0x22e0000) returned 1 [0126.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpUsedDefaultChar=0x0) returned 45 [0126.296] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", lpFilePart=0x19e9fc*="Unicorn-44780.exe") returned 0x2c [0126.297] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0126.297] GetLastError () returned 0x20 [0126.297] GetLastError () returned 0x20 [0126.298] SetLastError (dwErrCode=0x20) [0126.298] GetLastError () returned 0x20 [0126.298] SetLastError (dwErrCode=0x20) [0126.298] GetLastError () returned 0x20 [0126.298] SetLastError (dwErrCode=0x20) [0126.298] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0126.298] GetLastError () returned 0x20 [0126.298] GetLastError () returned 0x20 [0126.298] SetLastError (dwErrCode=0x20) [0126.298] GetLastError () returned 0x20 [0126.298] SetLastError (dwErrCode=0x20) [0126.298] GetLastError () returned 0x20 [0126.298] SetLastError (dwErrCode=0x20) [0126.298] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0126.298] GetFileType (hFile=0x254) returned 0x1 [0126.298] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x69c9c8 [0126.299] IMalloc:Realloc (This=0x7627fec4, pv=0x0, cb=0x60) returned 0x69ca40 [0126.299] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0126.299] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x75132 [0126.299] SetFilePointer (in: hFile=0x254, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0126.299] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x19ed48 | out: ppsaOut=0x19ed48) returned 0x0 [0126.307] ReadFile (in: hFile=0x254, lpBuffer=0x69caa8, nNumberOfBytesToRead=0x75133, lpNumberOfBytesRead=0x19eb68, lpOverlapped=0x0 | out: lpBuffer=0x69caa8*, lpNumberOfBytesRead=0x19eb68*=0x75132, lpOverlapped=0x0) returned 1 [0126.366] CloseHandle (hObject=0x254) returned 1 [0126.366] IMalloc:Free (This=0x7627fec4, pv=0x69c9c8) [0126.366] VarMod (in: pvarLeft=0x19ed38, pvarRight=0x19ecfc, pvarResult=0x19ed0c | out: pvarResult=0x19ed0c) returned 0x0 [0126.367] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 44 [0126.367] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0126.367] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 44 [0126.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0126.367] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", cbMultiByte=-1, lpWideCharStr=0x69c964, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 45 [0126.367] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0126.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", cchWideChar=-1, lpMultiByteStr=0x19ea04, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", lpUsedDefaultChar=0x0) returned 45 [0126.368] GetFullPathNameA (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", nBufferLength=0x104, lpBuffer=0x19eb34, lpFilePart=0x19e9fc | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", lpFilePart=0x19e9fc*="Unicorn-21999.exe") returned 0x2c [0126.368] CreateFileA (lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-21999.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x19eaf4, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0126.370] GetFileType (hFile=0x254) returned 0x1 [0126.370] IMalloc:Alloc (This=0x7627fec4, cb=0x69) returned 0x69c9c8 [0126.370] WriteFile (in: hFile=0x254, lpBuffer=0x69caa8*, nNumberOfBytesToWrite=0x75133, lpNumberOfBytesWritten=0x19e760, lpOverlapped=0x0 | out: lpBuffer=0x69caa8*, lpNumberOfBytesWritten=0x19e760*=0x75133, lpOverlapped=0x0) returned 1 [0126.379] CloseHandle (hObject=0x254) returned 1 [0126.524] IMalloc:Free (This=0x7627fec4, pv=0x69c9c8) [0126.525] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 44 [0126.525] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0126.525] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 44 [0126.525] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 45 [0126.525] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", cbMultiByte=-1, lpWideCharStr=0x69c964, cchWideChar=45 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 45 [0126.525] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0126.525] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec00*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec44 | out: lpCommandLine="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", lpProcessInformation=0x19ec44*(hProcess=0x258, hThread=0x254, dwProcessId=0x147c, dwThreadId=0x1504)) returned 1 [0126.942] GetLastError () returned 0x715 [0126.943] WaitForInputIdle (hProcess=0x258, dwMilliseconds=0x2710) returned 0x0 [0134.965] CloseHandle (hObject=0x254) returned 1 [0134.965] CloseHandle (hObject=0x258) returned 1 [0134.966] SafeArrayDestroyDescriptor (psa=0x693f68) returned 0x0 [0134.967] GetFocus () returned 0x70368 [0134.967] GetCaretPos (in: lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1 [0134.968] SetTimer (hWnd=0x10382, nIDEvent=0x10382, uElapse=0xbb8, lpTimerFunc=0x0) returned 0x10382 [0134.968] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0135.018] GetCapture () returned 0x0 [0135.018] GetCapture () returned 0x0 [0135.018] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.019] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.019] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0135.021] GetCapture () returned 0x0 [0135.021] GetCapture () returned 0x0 [0135.021] GetParent (hWnd=0x2035a) returned 0x0 [0135.021] GetWindowRect (in: hWnd=0x2035a, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0135.021] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.022] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0135.022] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0135.022] MapWindowPoints (in: hWndFrom=0x2035a, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0135.022] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.022] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0135.029] GetCapture () returned 0x0 [0135.029] GetCapture () returned 0x0 [0135.029] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.029] GetCapture () returned 0x0 [0135.029] GetCapture () returned 0x0 [0135.029] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x83, wParam=0x1, lParam=0x19fd3c) returned 0x0 [0135.030] NtdllDefWindowProc_A (hWnd=0x20344, Msg=0x46, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.031] GetCapture () returned 0x0 [0135.031] GetCapture () returned 0x0 [0135.031] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x85, wParam=0x30409e5, lParam=0x0) returned 0x0 [0135.031] GetCapture () returned 0x0 [0135.031] GetCapture () returned 0x0 [0135.031] IsIconic (hWnd=0x2035a) returned 0 [0135.031] IsIconic (hWnd=0x2035a) returned 0 [0135.032] GetCapture () returned 0x0 [0135.032] GetCapture () returned 0x0 [0135.032] GetParent (hWnd=0x2035a) returned 0x0 [0135.032] GetWindowRect (in: hWnd=0x2035a, lpRect=0x19f910 | out: lpRect=0x19f910) returned 1 [0135.032] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x47, wParam=0x0, lParam=0x19fd64) returned 0x0 [0135.032] GetCapture () returned 0x0 [0135.032] GetCapture () returned 0x0 [0135.032] CPicture::get_Attributes () returned 0x0 [0135.032] IsWindowVisible (hWnd=0x2035a) returned 1 [0135.032] IsIconic (hWnd=0x2035a) returned 0 [0135.032] IsZoomed (hWnd=0x2035a) returned 0 [0135.032] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x5, wParam=0x0, lParam=0x2a902ec) returned 0x0 [0135.033] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f3f0 | out: lpRect=0x19f3f0) returned 1 [0135.033] GetWindow (hWnd=0x2035a, uCmd=0x5) returned 0x50370 [0135.033] GetWindow (hWnd=0x50370, uCmd=0x2) returned 0x70368 [0135.033] GetParent (hWnd=0x50370) returned 0x2035a [0135.033] GetWindow (hWnd=0x70368, uCmd=0x2) returned 0x10382 [0135.033] GetParent (hWnd=0x70368) returned 0x2035a [0135.033] GetWindow (hWnd=0x10382, uCmd=0x2) returned 0x0 [0135.033] GetParent (hWnd=0x10382) returned 0x2035a [0135.033] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0135.033] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f980 | out: lpRect=0x19f980) returned 1 [0135.033] MapWindowPoints (in: hWndFrom=0x2035a, hWndTo=0x0, lpPoints=0x19f980, cPoints=0x2 | out: lpPoints=0x19f980) returned 7209306 [0135.071] IsWindow (hWnd=0x2035a) returned 1 [0135.071] GetWindowLongA (hWnd=0x2035a, nIndex=-16) returned 369098752 [0135.071] IsIconic (hWnd=0x2035a) returned 0 [0135.071] GetParent (hWnd=0x2035a) returned 0x0 [0135.071] TranslateMessage (lpMsg=0x19fe40) returned 0 [0135.071] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0135.071] GetCapture () returned 0x0 [0135.071] GetCapture () returned 0x0 [0135.071] IsIconic (hWnd=0x2035a) returned 0 [0135.071] GetUpdateRect (in: hWnd=0x2035a, lpRect=0x19fb0c, bErase=0 | out: lpRect=0x19fb0c) returned 1 [0135.071] BeginPaint (in: hWnd=0x2035a, lpPaint=0x19fab0 | out: lpPaint=0x19fab0) returned 0x72010942 [0135.072] GetCapture () returned 0x0 [0135.072] GetCapture () returned 0x0 [0135.072] NtdllDefWindowProc_A (hWnd=0x2035a, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0135.072] GetCapture () returned 0x0 [0135.072] GetCapture () returned 0x0 [0135.072] IsIconic (hWnd=0x2035a) returned 0 [0135.072] IsIconic (hWnd=0x2035a) returned 0 [0135.072] IsIconic (hWnd=0x2035a) returned 0 [0135.072] IsIconic (hWnd=0x2035a) returned 0 [0135.072] GetClientRect (in: hWnd=0x2035a, lpRect=0x19f8a8 | out: lpRect=0x19f8a8) returned 1 [0135.072] OleTranslateColor () returned 0x0 [0135.072] OleTranslateColor () returned 0x0 [0135.072] OleTranslateColor () returned 0x0 [0135.072] OleTranslateColor () returned 0x0 [0135.072] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0135.073] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0135.073] CPicture::get_Type () returned 0x0 [0135.073] CPicture::get_Type () returned 0x0 [0135.073] CPicture::get_Width () returned 0x0 [0135.073] CPicture::get_Height () returned 0x0 [0135.073] CPicture::get_Attributes () returned 0x0 [0135.073] CPicture::Render () returned 0x0 [0135.094] SetTextColor (hdc=0x72010942, color=0x0) returned 0x0 [0135.094] SetBkColor (hdc=0x72010942, color=0x0) returned 0x0 [0135.094] GetClipBox (in: hdc=0x72010942, lprect=0x19fa20 | out: lprect=0x19fa20) returned 3 [0135.094] SaveDC (hdc=0x72010942) returned 1 [0135.094] SelectObject (hdc=0x72010942, h=0x900015) returned 0x900015 [0135.094] SelectObject (hdc=0x72010942, h=0xb00016) returned 0x42300941 [0135.094] SetROP2 (hdc=0x72010942, rop2=13) returned 13 [0135.094] IntersectRect (in: lprcDst=0x19fa10, lprcSrc1=0x19fa30, lprcSrc2=0x19fa20 | out: lprcDst=0x19fa10) returned 1 [0135.094] OleTranslateColor () returned 0x0 [0135.094] OleTranslateColor () returned 0x0 [0135.094] SetTextColor (hdc=0x72010942, color=0xff00ff) returned 0x0 [0135.094] SetBkColor (hdc=0x72010942, color=0xf0f0f0) returned 0x0 [0135.094] SetBkMode (hdc=0x72010942, mode=1) returned 1 [0135.094] SelectObject (hdc=0x72010942, h=0x330a094a) returned 0x40a0934 [0135.094] GetViewportExtEx (in: hdc=0x72010942, lpsize=0x19f8e4 | out: lpsize=0x19f8e4) returned 1 [0135.094] GetWindowExtEx (in: hdc=0x72010942, lpsize=0x19f8ec | out: lpsize=0x19f8ec) returned 1 [0135.094] SaveDC (hdc=0x72010942) returned 2 [0135.094] IntersectClipRect (hdc=0x72010942, left=72, top=296, right=769, bottom=385) returned 3 [0135.094] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe") returned 44 [0135.094] GetTextMetricsA (in: hdc=0x72010942, lptm=0x19f89c | out: lptm=0x19f89c) returned 1 [0135.603] GetTextExtentPointA (in: hdc=0x72010942, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0135.604] TextOutA (hdc=0x72010942, x=72, y=296, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", c=44) returned 1 [0135.604] GetTextExtentPointA (in: hdc=0x72010942, lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-21999.exe", c=44, lpsz=0x19f84c | out: lpsz=0x19f84c) returned 1 [0135.604] RestoreDC (hdc=0x72010942, nSavedDC=-1) returned 1 [0135.604] SetTextColor (hdc=0x72010942, color=0x0) returned 0xff00ff [0135.604] SetBkColor (hdc=0x72010942, color=0x0) returned 0xf0f0f0 [0135.604] SelectObject (hdc=0x72010942, h=0x40a0934) returned 0x330a094a [0135.604] RestoreDC (hdc=0x72010942, nSavedDC=1) returned 1 [0135.605] EndPaint (hWnd=0x2035a, lpPaint=0x19fab0) returned 1 [0135.619] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0135.619] IsWindow (hWnd=0x70368) returned 1 [0135.619] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0135.619] IsIconic (hWnd=0x2035a) returned 0 [0135.619] GetParent (hWnd=0x70368) returned 0x2035a [0135.619] TranslateMessage (lpMsg=0x19fe40) returned 0 [0135.619] DispatchMessageA (lpMsg=0x19fe40) returned 0x1 [0135.620] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0xf, wParam=0x0, lParam=0x0) returned 0x1 [0135.620] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0135.620] GetFocus () returned 0x70368 [0135.620] GetCaretPos (in: lpPoint=0x19f58c | out: lpPoint=0x19f58c) returned 1 [0135.621] CallWindowProcA (lpPrevWndFunc=0x77e75680, hWnd=0x70368, Msg=0x14, wParam=0x3010a55, lParam=0x0) returned 0x1 [0135.621] GetFocus () returned 0x70368 [0135.621] GetCaretPos (in: lpPoint=0x19f58c | out: lpPoint=0x19f58c) returned 1 [0135.621] GetCapture () returned 0x0 [0135.621] GetCapture () returned 0x0 [0135.621] IsWindow (hWnd=0x70368) returned 1 [0135.621] OleTranslateColor () returned 0x0 [0135.621] OleTranslateColor () returned 0x0 [0135.621] SetTextColor (hdc=0x3010a55, color=0x0) returned 0x0 [0135.621] SetBkColor (hdc=0x3010a55, color=0xffffff) returned 0xffffff [0135.621] OleTranslateColor () returned 0x0 [0135.622] GetCapture () returned 0x0 [0135.622] GetCapture () returned 0x0 [0135.622] IsWindow (hWnd=0x70368) returned 1 [0135.622] OleTranslateColor () returned 0x0 [0135.622] OleTranslateColor () returned 0x0 [0135.622] SetTextColor (hdc=0x3010a55, color=0x0) returned 0x0 [0135.622] SetBkColor (hdc=0x3010a55, color=0xffffff) returned 0xffffff [0135.622] OleTranslateColor () returned 0x0 [0135.623] GetFocus () returned 0x70368 [0135.623] GetCaretPos (in: lpPoint=0x19fb4c | out: lpPoint=0x19fb4c) returned 1 [0135.623] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0135.623] IsWindow (hWnd=0x50370) returned 1 [0135.623] GetWindowLongA (hWnd=0x50370, nIndex=-16) returned 1140916224 [0135.623] IsIconic (hWnd=0x2035a) returned 0 [0135.623] GetParent (hWnd=0x50370) returned 0x2035a [0135.623] TranslateMessage (lpMsg=0x19fe40) returned 0 [0135.623] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0135.623] KillTimer (hWnd=0x50370, uIDEvent=0x50370) returned 1 [0135.624] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0135.624] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0135.624] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0135.624] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0135.624] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63be8 [0135.624] lstrcpyA (in: lpString1=0x2a63bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0135.625] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x1b) returned 0x2a63c20 [0135.625] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63be8 | out: hHeap=0x22e0000) returned 1 [0135.626] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0135.626] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0135.626] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="C:\\Users\\OqXZRaykm\\Desktop", cbMultiByte=-1, lpWideCharStr=0x695bbc, cchWideChar=27 | out: lpWideCharStr="C:\\Users\\OqXZRaykm\\Desktop") returned 27 [0135.626] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63c20 | out: hHeap=0x22e0000) returned 1 [0135.626] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19f824, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\unicorn-44780.exe")) returned 0x2c [0135.626] lstrcpynA (in: lpString1=0x19f710, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe", iMaxLength=260 | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0135.626] lstrlenA (lpString="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned 44 [0135.626] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63bb0 [0135.626] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0x2d) returned 0x2a63be8 [0135.626] lstrcpyA (in: lpString1=0x2a63bb0, lpString2="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" | out: lpString1="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe") returned="C:\\Users\\OqXZRaykm\\Desktop\\Unicorn-44780.exe" [0135.626] RtlAllocateHeap (HeapHandle=0x22e0000, Flags=0x0, Size=0xe) returned 0x22eb110 [0135.627] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63be8 | out: hHeap=0x22e0000) returned 1 [0135.627] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x2a63bb0 | out: hHeap=0x22e0000) returned 1 [0135.627] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-44780", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 14 [0135.627] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Unicorn-44780", cbMultiByte=-1, lpWideCharStr=0x679dcc, cchWideChar=14 | out: lpWideCharStr="Unicorn-44780") returned 14 [0135.627] HeapFree (in: hHeap=0x22e0000, dwFlags=0x0, lpMem=0x22eb110 | out: hHeap=0x22e0000) returned 1 [0135.629] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0135.629] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x698744, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0135.629] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0135.630] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0135.630] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0135.630] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr="Vb1", cbMultiByte=-1, lpWideCharStr=0x679dcc, cchWideChar=4 | out: lpWideCharStr="Vb1") returned 4 [0135.630] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x19ed04) [0135.630] RtlUnwind (TargetFrame=0x19fa80, TargetIp=0x963caf, ExceptionRecord=0x0, ReturnValue=0x0) [0135.630] SetTimer (hWnd=0x50370, nIDEvent=0x50370, uElapse=0x2328, lpTimerFunc=0x0) returned 0x50370 [0135.631] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 0 [0135.631] GetTickCount () returned 0x1cca24d [0135.631] GetTickCount () returned 0x1cca24d [0135.631] GetTickCount () returned 0x1cca24d [0135.631] PeekMessageA (in: lpMsg=0x19fda4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fda4) returned 0 [0135.631] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19fe40) returned 0 [0135.631] WaitMessage () returned 1 [0136.142] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x19fe40) returned 1 [0136.142] IsWindow (hWnd=0x70368) returned 1 [0136.143] GetWindowLongA (hWnd=0x70368, nIndex=-16) returned 1409351872 [0136.143] IsIconic (hWnd=0x2035a) returned 0 [0136.143] GetParent (hWnd=0x70368) returned 0x2035a [0136.143] TranslateMessage (lpMsg=0x19fe40) returned 0 [0136.143] DispatchMessageA (lpMsg=0x19fe40) returned 0x0 [0136.143] PeekMessageA (in: lpMsg=0x19fe40, hWnd=0x0, wMsgFilterMin=0x0,